Spammers and the botnet operators they’re allied with are continuing to adapt their techniques to evade security technologies, and now are using what amount to disposable domains for their activities. A new report shows that the spammers are buying dozens of domains at a time and moving from one to another as often as several times a day to prevent shutdowns.
Spammers for years have been buying domains in bulk and using them both for redirections to other, often malicious, sites and as locations to set up quick e-commerce sites for sales of pills, pirated software, fake watches or whatever goods they’re pushing that day. Anti-spam services and email filters typically use static lists of known malicious domains or ones known to be used by spammers.
That approach worked well early on in the fight against spam, but as the spammers have analyzed the defenses deployed against them, their tactics have become much more devious and effective of late. New research by security firm M86 Security Labs shows that the amount of time that a spammer uses a given domain is basically a day or less. The company looked at 60 days’ worth of data from its customers and found that more than 70 percent of the domains used by spammers are active for a day or less.
That’s a major change from the days when large-scale spam operations would buy a couple of dozen random domains, set them up in a bulletproof hosting environment and use them for months at a time. The ease with which these groups can buy domains and move from one to another within a few minutes represents a serious challenge for law enforcement and anti-spam groups. There have been some successes in the fight against spam in recent years, specifically the takedown of McColo. But there are thousands and thousands of smaller operators around the world, making spam a very distributed problem.
As Internet threats go, spam is not exactly sexy. (OK, some of it is.) It’s old, it’s boring and it’s really seen as more of a nuisance than a threat. And that’s part of the current problem that spam presents: It is, in fact, a threat and it’s being overlooked in favor of more buzzworthy attacks with three-letter acronyms. But spam volume remains high, accounting for roughly 88 percent of all email in the first half of 2010, according to the M86 report.
Spam continues to be a major mechanism for spreading malware and is also a key piece of the botnet puzzle. Most of the major botnets are used to deliver spam, especially pharmaceutical spam, and some of those messages also contain malware. That malware often is a copy of a bot program that will then turn the infected machine into a spam engine, perpetuating the cycle.