Jul 12, 2011 16:51 GMT

Security experts from Commtouch claim that cyber criminals are increasingly using compromised email accounts in their spam campaigns in order to evade detection.

In its Internet Threats Trend Report for July, the company claims that spam coming from compromised or rogue accounts, as well as compromised mail servers, has increased.

"The move away from botnet spam can be attributed to the use of IP reputation mechanisms that have been increasingly successful in blacklisting zombie IP addresses and therefore blocking botnet spam.

"The blocking of spam from compromised accounts based on IP address is more difficult for many anti-spam technologies, since these accounts exist within whitelisted IP address ranges (such as Hotmail or Gmail)," the Commtouch researchers explain.

They claim that during the last quarter cyber criminals focused on acquiring as many compromised email accounts as possible.

This wasn't very hard to do either, with hackers dumping tens of thousands of email addresses and passwords into the public domain in recent months for fun or to shame companies.

Before disbanding at the end of last month, the LulzSec hacking outfit alone leaked almost 100,000 email addresses and passwords.

According to statistics compiled by Commtouch regarding the use of compromised email accounts, it seems that spammers favor Hotmail. "Almost 30% of the spam from Hotmail actually comes from compromised or spammer Hotmail accounts. Gmail spam, on the other hand, is mostly from zombies that simply forge their Gmail addresses," the company says.

Another way of stealing email credentials is via keyloggers or phishing. The millions of email addresses exposed as a result of compromises at large email marketing providers and other companies this year offered plenty of targets for such attacks.

The good news is that spam levels are at their lowest point in over three years, thanks to the recent takedown of several large spam botnets like Rustock. On the other hand, there's been a spike in malware distribution campaigns, suggesting that botnet masters are trying to rebuild.