Page 4 of 4
Security researchers were blown away by the complexity of the SpamThru Trojan virus that sent a tsunami of spam this fall, including stocks, pills and penis enlargement scams. This fall, a Russian cybergang used the SpamThru Trojan to engineer a tidal wave of junk mail that included everything from stocks to pills. The sophistication of the system that delivered it, which combined 73,000 computers into a single botnet capable of sending out a billion e-mails per day, was unprecedented and contributed to a 60 percent rise in spam during a six week period. So was the virus, which eliminated competing viruses from infected computers and compiled meticulous reports about its infection rates and the location of infected computers and sent them back to the home server, which shifted regularly.
But the most chilling part was the data-mining part of the operation. According to a report by SecureWorks Inc. of Atlanta, the gangsters had hacked into the databases of investment-oriented Web sites to find the e-mail addresses of those who might make the best victims for their pump-and-dump schemes.
While mass-market spam is likely to continue into the future, security analysts say socially engineered spam is now the biggest threat on the horizon. An example might be spam sent only to subscribers of a particular investment service and engineered to look authentic.
Internet security experts are also seeing cybercriminals begin to take advantage of online friends' networks like MySpace to send e-mail to online friends from online friends. So far, these efforts have been fairly easy for the general public to see through, but as they become increasingly sophisticated, that might not always be so.
"Say I want to break into a bank or major corporation like IBM or something like that," says Spitzner. "The easiest way ... to hack into such an organization is you create spam for 300 of the top senior management at said bank, and it looks very real, very professional and if anybody clicks on the e-mail, their computer is hacked. All they need is one percent of those 300 people to click on that e-mail and they're in. So instead of three million people they are going after 300 people."
What happens from there depends on the cybergang's business model. They could steal a company's secrets and sell them to a competitor, blackmail executives, or they could try what is called "spear-phishing." That's where a fraudster who has gained entrance to an organization sends out an authentic looking e-mail from the human resources department asking everyone to immediately fill out a bogus release form that includes the employee's social security number, home address and date of birth and e-mail it back.
Other scams that aren't as targeted are still becoming increasingly creative, says Druker. That's because cybercriminals are now working around the clock. Two to three years ago, it used to be that most spam went out on the weekends, because most fraudsters and virus junkies were part-timers or hobbyists who fooled around one the weekends. Now spam goes out around the clock, every day of the week. That lets them use the news cycle and current hot topics to fool their victims.
"Over the last 60 days, what other trends were they taking advantage of?" asks Druker. "Promoting 'Get a free PlayStation 3' right when they were in demand for Christmas. The Nigerian scheme has now shifted to Iraq. They are just shifting what they do every day to try to make it relevant and topical because they are smart and whatever they can do to make it seem more real to you, they'll do."