Spam Is Gateway To Malware Economy, Feds Say - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Spam Is Gateway To Malware Economy, Feds Say

The biggest problem is the availability of tools that make it easy for the average person to launch spam campaigns, including those that employ phishing to steal personal information.

Having identified spam as a gateway cybercrime that leads to much more serious infractions, such as phishing and identity theft, the U.S. government is promising to crack down on purveyors of unwanted e-mail. That's not going to be easy as new tools flood the market that make it easier to launch spam campaigns.

Speaking at the Federal Trade Commission Spam Summit earlier this week, FBI special agent J. Keith Mularski, said the bureau has 70 active investigations into spam-related crimes.

These investigations aren't limited to the Justice Department, and they often require the help of international law enforcement. Greg Crabb, U.S. postal inspector program manager for the U.S. Postal Service's international affairs group, told the summit that he worked with Interpol and international law enforcement officers from more than a dozen different countries on what he dubbed "Operation Gold Phish" and soon found the investigation leading law enforcement into the "malware economy," he said. There, he encountered cybercriminals like "Barracuda," who sold $300 computer viruses that could be included with spam to steal identity information from of a victim's infected computer.

Another malware writer named "Smash," who's "been a thorn in my side for some time," Crabb said, sells Trojans that can be controlled remotely. Smash's handiwork was found among the property of three Muslim men a British court last week sentenced to up to 10 years in prison for conspiracy to commit murder and incitement to commit terrorist acts.

The greatest evolution in the cyber headache better known as spam is this availability of software that makes it easier for the average user to launch spam campaigns, including those that employ phishing to steal personal information, Andrew Klein, senior product marketing manager with SonicWall, said at the FTC forum. The results of this trend have been eye-opening. A Dutch spammer that Klein referred to as "Mr. X" -- who's since been thrown in jail -- was renting out up to 700 computers that were capable of generating spam campaigns of up to 9 billion e-mails. Two other jailed spammers -- Jeanson James Ancheta and Christopher Maxwell -- were renting botnets out for $300 to $700 per hour.

A community of malware providers has sprouted up such that a spammer can buy a spyware kit online for $17 to create a payload for his spam, and that kit will come with technical support. "You can't get that from Microsoft or any company, my company included," Klein quipped. "These phishing kits have been around for years, but the breadth of what's available is really impressive."

Jens Hinrichsen, product marketing manager for RSA's online threats managed services group, told the forum that he's seeing a disturbingly similar trend. "Double click, and a newbie fraudster can within two seconds create a phishing attack that's ready to go," he said. "We're really seeing a lot of price compression in terms of the tools available."

RSA is seeing about 200 different organizations being imitated by phishing campaigns each month, according to RSA statistics for June. "Of that number, about 35 of those organizations had never been targeted by phishers before," Hinrichsen said, adding. "Of those 35 institutions, about 12 were federal credit unions. Phishing's not going away anywhere soon."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
10 RPA Vendors to Watch
Jessica Davis, Senior Editor, Enterprise Apps,  8/20/2019
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
White Papers
Register for InformationWeek Newsletters
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Flash Poll