<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>The FORWARD project blog &#187; spam</title>
	<atom:link href="http://blogs.ict-forward.eu/forward/tag/spam/feed/" rel="self" type="application/rss+xml" />
	<link>http://blogs.ict-forward.eu/forward</link>
	<description>blogging on emerging and future threats</description>
	<lastBuildDate>Mon, 30 Jan 2012 09:09:17 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.1</generator>
		<item>
		<title>Spam sinks to lowest level in almost three years, says Symantec</title>
		<link>http://blogs.ict-forward.eu/forward/spam-sinks-to-lowest-level-in-almost-three-years-says-symantec/</link>
		<comments>http://blogs.ict-forward.eu/forward/spam-sinks-to-lowest-level-in-almost-three-years-says-symantec/#comments</comments>
		<pubDate>Tue, 10 Jan 2012 10:52:44 +0000</pubDate>
		<dc:creator>gavalet</dc:creator>
				<category><![CDATA[security news]]></category>
		<category><![CDATA[junk mail]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spammers]]></category>
		<category><![CDATA[Stuxnet]]></category>
		<category><![CDATA[symantec]]></category>
		<category><![CDATA[targeted attacks]]></category>

		<guid isPermaLink="false">http://blogs.ict-forward.eu/forward/?p=1340</guid>
		<description><![CDATA[According to Symantec’s report, spam messages have been reduced to a great extent! Nowadays the global amount of spam messages is 70%, compared to the 90% that it was in 2009. Microsoft’s legal actions helped in this direction, reducing the daily amount of spam messages from 52 billion to 33 billion [...]]]></description>
			<content:encoded><![CDATA[<p>According to Symantec’s report, spam messages have been reduced to a great extent!</p>
<p>Nowadays the global amount of spam messages is 70%, compared to the 90% that it was in 2009. Microsoft’s legal actions helped in this direction, reducing the daily amount of spam messages from 52 billion to 33 billion per day. Pharmaceutical spam, which is a special category of these messages, has decreased to half (32.5%) since Symantec started tracking it. Some striking examples by country are these:</p>
<p>Russia is the most spammed area in the world, with the extremely high rate of 76.7%! The next country is South Arabia, with 76.6% spam messages! Last but not least, the U.S.A. is in a slightly better situation, although it still has 69.9% spam e-mails!</p>
<p>Unfortunately, spammers always find a way to get away, and because they are also using more targeted malware to approach people, there is no rapid and decisive decline in these messages! The main aim of this junk mail is to deceive the victims or to steal important data from a big company! A prime example of these attacks is the Stuxnet worm, an incredibly large and complex threat.</p>
<p>The Stuxnet worm is a &#8220;wake-up call&#8221; because of its complexity and its aim at critical infrastructure systems. It can spy on and reprogram industrial control systems and grant hackers control of critical infrastructures. It uses four zero-day vulnerabilities, compromises two digital certificates, injects code into industrial control systems and hides that code from operators.</p>
<p>In particular, malevolent users or programs try to establish stable access to the main database of a company or an organization in order to extract information or top secrets. The problem is getting more and more serious, because attempts have already been made to destroy the economy of a country or cause significant damage!</p>
<p>Many attacks delivered through spam messages are reported and blocked every day. For instance, approximately 94 attacks were blocked by Symantec worldwide each day in November. In addition, in the US one attack was blocked every day, and in Japan one such attack was blocked every nine days!</p>
<p>In conclusion, some of the sectors that received targeted attacks daily over 2011 as a whole are:</p>
<ul>
<li>The public sector with about 20 attacks per day.</li>
<li>The chemical and pharmaceutical industry sector with 18.6 attacks each day.</li>
<li>The manufacturing sector with 13.6 attacks blocked daily.</li>
</ul>
<p>Related links:</p>
<p><a href="http://news.cnet.com/8301-1009_3-57338317-83/spam-sinks-to-lowest-level-in-almost-three-years-says-symantec/">http://news.cnet.com/8301-1009_3-57338317-83/spam-sinks-to-lowest-level-in-almost-three-years-says-symantec/</a></p>
<p><a href="http://news.cnet.com/8301-1009_3-20048803-83.html">http://news.cnet.com/8301-1009_3-20048803-83.html</a></p>
<p><a href="http://news.cnet.com/8301-27080_3-20023124-245.html?tag=mncol;txt">http://news.cnet.com/8301-27080_3-20023124-245.html?tag=mncol;txt</a></p>
]]></content:encoded>
			<wfw:commentRss>http://blogs.ict-forward.eu/forward/spam-sinks-to-lowest-level-in-almost-three-years-says-symantec/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>FIFA World Cup &#8211; themed malware</title>
		<link>http://blogs.ict-forward.eu/forward/fifa-world-cup-themed-malware/</link>
		<comments>http://blogs.ict-forward.eu/forward/fifa-world-cup-themed-malware/#comments</comments>
		<pubDate>Sat, 27 Mar 2010 08:59:45 +0000</pubDate>
		<dc:creator>tsikudis</dc:creator>
				<category><![CDATA[security news]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[vulnerability]]></category>

		<guid isPermaLink="false">http://blogs.ict-forward.eu/forward/?p=669</guid>
		<description><![CDATA[Major events are often used by spammers to fuel their scams. While the World Cup soccer tournament is still more than two months away, researchers from Symantec are reporting on a targeted malware campaign using a FIFA World Cup theme. Attackers changed Greenlife’s PDF document to include malicious code. Emails contain this attached PDF file claiming [...]]]></description>
			<content:encoded><![CDATA[<p>Major events are often used by spammers to fuel their scams.</p>
<p>While the World Cup soccer tournament is still more than two months away, researchers from Symantec are reporting on a <a href="http://www.symantec.com/connect/blogs/targeted-attack-uses-fifa-world-cup-2010-hook">targeted malware campaign using a FIFA World Cup theme</a>. Attackers changed <a href="http://www.e-gnu.com/2010.html">Greenlife’s PDF document</a> to include malicious code. <a href="http://i.zdnet.com/blogs/20100325wc_05.jpg?tag=col1;post-5903">Emails</a> contain this attached PDF file, which claims to provide a guide to the first African edition of football&#8217;s most prestigious tournament.</p>
<p><span id="more-669"></span>The attack makes use of <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188">a recently patched Adobe Reader vulnerability</a> to drop malware onto machines running an unpatched version of Adobe Reader. The exploit takes advantage of a flaw in the TIFF file parsing in Adobe Reader. In particular, a stack overflow is caused by inserting a TIFF image into the PDF with a specially crafted “DotRange” tag.</p>
<p>A successful execution of the attack drops a rootkit and a backdoor Trojan on compromised machines.</p>
<p>In anticipation of the expected increase in FIFA World Cup 2010 themed malicious activity, driven by the millions of fans, <a href="http://www.2010netthreat.com/netthreats/post/2010/02/05/Stats-show-threat-increase.aspx">some stats showing the dynamics</a> of malicious sites and spam campaigns using the World Cup as a theme have been released.</p>
]]></content:encoded>
			<wfw:commentRss>http://blogs.ict-forward.eu/forward/fifa-world-cup-themed-malware/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>The Problem of Snowshoe Spam</title>
		<link>http://blogs.ict-forward.eu/forward/the-problem-of-snowshoe-spam/</link>
		<comments>http://blogs.ict-forward.eu/forward/the-problem-of-snowshoe-spam/#comments</comments>
		<pubDate>Wed, 07 Oct 2009 10:16:53 +0000</pubDate>
		<dc:creator>kondax</dc:creator>
				<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[DNSBL]]></category>
		<category><![CDATA[snowshoe]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spamhaus]]></category>

		<guid isPermaLink="false">http://blogs.ict-forward.eu/forward/?p=346</guid>
		<description><![CDATA[Spamhaus, a major DNS-based Blacklist (DNSBL) provider, published, earlier this month, an article outlining the problem of snowshoe spam. Snowshoe spam appears to be a novel tactic used by spammers to avoid detection by traditional means. In detail, unsolicited e-mail messages are sent not massively from botnets or other compromised IP address ranges but in modest volumes from [...]]]></description>
			<content:encoded><![CDATA[<p><a title="Spamhaus" href="http://www.spamhaus.org" target="_blank">Spamhaus</a>, a major DNS-based Blacklist (<a title="DNSBL" href="http://en.wikipedia.org/wiki/DNSBL" target="_blank">DNSBL</a>) provider, published, earlier this month, an <a title="article" href="http://www.spamhaus.org/news.lasso?article=646" target="_blank">article</a> outlining the problem of snowshoe spam.</p>
<p>Snowshoe spam appears to be a novel tactic used by spammers to avoid detection by traditional means. In detail, unsolicited e-mail messages are sent not massively from <a title="botnets" href="http://en.wikipedia.org/wiki/Botnet" target="_blank">botnets</a> or other compromised IP address ranges but in modest volumes from unallocated addresses. <span id="more-346"></span>Spam is sent from many small IP ranges on many Internet Service Providers (ISPs), using many different domains, and the IPs and domains change rapidly. As a result, these messages do not trigger automated spam blocking filters or reputation metrics. Nevertheless, spreading out the spam load over a larger area ultimately adds up to be as effective as flooding.</p>
<p>The article goes on to propose a more reactive type of blacklist, titled &#8220;Spamhaus Composite Snow-Shoe (CSS)&#8221;. However, such cases point out the inherent weaknesses of list-based defences against spammers.</p>
<p>Earlier this year, at the USENIX Security Symposium 2009, a group of researchers from Georgia Tech collaborating with McAfee Inc. published a <a title="paper" href="http://www.usenix.org/events/sec09/tech/full_papers/hao.pdf" target="_blank">paper</a> (pdf) presenting a spam-fighting technique which relied solely on network-level features of an e-mail message, such as the distance in IP space to other email senders or the geographic distance between sender and receiver. Their method of operation employed behavioral characteristics of spam, and one could argue that it would be more effective than the Spamhaus way.</p>
]]></content:encoded>
			<wfw:commentRss>http://blogs.ict-forward.eu/forward/the-problem-of-snowshoe-spam/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

