Software // Enterprise Applications
News
7/13/2007
03:48 PM
Connect Directly
RSS
E-Mail
50%
50%

Spam Is Gateway To Malware Economy, Feds Say

The biggest problem is the availability of tools that make it easy for the average person to launch spam campaigns, including those that employ phishing to steal personal information.

Having identified spam as a gateway cybercrime that leads to much more serious infractions, such as phishing and identity theft, the U.S. government is promising to crack down on purveyors of unwanted e-mail. That's not going to be easy as new tools flood the market that make it easier to launch spam campaigns.

Speaking at the Federal Trade Commission Spam Summit earlier this week, FBI special agent J. Keith Mularski, said the bureau has 70 active investigations into spam-related crimes.

These investigations aren't limited to the Justice Department, and they often require the help of international law enforcement. Greg Crabb, U.S. postal inspector program manager for the U.S. Postal Service's international affairs group, told the summit that he worked with Interpol and international law enforcement officers from more than a dozen different countries on what he dubbed "Operation Gold Phish" and soon found the investigation leading law enforcement into the "malware economy," he said. There, he encountered cybercriminals like "Barracuda," who sold $300 computer viruses that could be included with spam to steal identity information from of a victim's infected computer.

Another malware writer named "Smash," who's "been a thorn in my side for some time," Crabb said, sells Trojans that can be controlled remotely. Smash's handiwork was found among the property of three Muslim men a British court last week sentenced to up to 10 years in prison for conspiracy to commit murder and incitement to commit terrorist acts.

The greatest evolution in the cyber headache better known as spam is this availability of software that makes it easier for the average user to launch spam campaigns, including those that employ phishing to steal personal information, Andrew Klein, senior product marketing manager with SonicWall, said at the FTC forum. The results of this trend have been eye-opening. A Dutch spammer that Klein referred to as "Mr. X" -- who's since been thrown in jail -- was renting out up to 700 computers that were capable of generating spam campaigns of up to 9 billion e-mails. Two other jailed spammers -- Jeanson James Ancheta and Christopher Maxwell -- were renting botnets out for $300 to $700 per hour.

A community of malware providers has sprouted up such that a spammer can buy a spyware kit online for $17 to create a payload for his spam, and that kit will come with technical support. "You can't get that from Microsoft or any company, my company included," Klein quipped. "These phishing kits have been around for years, but the breadth of what's available is really impressive."

Jens Hinrichsen, product marketing manager for RSA's online threats managed services group, told the forum that he's seeing a disturbingly similar trend. "Double click, and a newbie fraudster can within two seconds create a phishing attack that's ready to go," he said. "We're really seeing a lot of price compression in terms of the tools available."

RSA is seeing about 200 different organizations being imitated by phishing campaigns each month, according to RSA statistics for June. "Of that number, about 35 of those organizations had never been targeted by phishers before," Hinrichsen said, adding. "Of those 35 institutions, about 12 were federal credit unions. Phishing's not going away anywhere soon."

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.