Spam Is Gateway To Malware Economy, Feds Say - InformationWeek
Software // Enterprise Applications
03:48 PM

Spam Is Gateway To Malware Economy, Feds Say

The biggest problem is the availability of tools that make it easy for the average person to launch spam campaigns, including those that employ phishing to steal personal information.

Having identified spam as a gateway cybercrime that leads to much more serious infractions, such as phishing and identity theft, the U.S. government is promising to crack down on purveyors of unwanted e-mail. That's not going to be easy as new tools flood the market that make it easier to launch spam campaigns.

Speaking at the Federal Trade Commission Spam Summit earlier this week, FBI special agent J. Keith Mularski, said the bureau has 70 active investigations into spam-related crimes.

These investigations aren't limited to the Justice Department, and they often require the help of international law enforcement. Greg Crabb, U.S. postal inspector program manager for the U.S. Postal Service's international affairs group, told the summit that he worked with Interpol and international law enforcement officers from more than a dozen different countries on what he dubbed "Operation Gold Phish" and soon found the investigation leading law enforcement into the "malware economy," he said. There, he encountered cybercriminals like "Barracuda," who sold $300 computer viruses that could be included with spam to steal identity information from of a victim's infected computer.

Another malware writer named "Smash," who's "been a thorn in my side for some time," Crabb said, sells Trojans that can be controlled remotely. Smash's handiwork was found among the property of three Muslim men a British court last week sentenced to up to 10 years in prison for conspiracy to commit murder and incitement to commit terrorist acts.

The greatest evolution in the cyber headache better known as spam is this availability of software that makes it easier for the average user to launch spam campaigns, including those that employ phishing to steal personal information, Andrew Klein, senior product marketing manager with SonicWall, said at the FTC forum. The results of this trend have been eye-opening. A Dutch spammer that Klein referred to as "Mr. X" -- who's since been thrown in jail -- was renting out up to 700 computers that were capable of generating spam campaigns of up to 9 billion e-mails. Two other jailed spammers -- Jeanson James Ancheta and Christopher Maxwell -- were renting botnets out for $300 to $700 per hour.

A community of malware providers has sprouted up such that a spammer can buy a spyware kit online for $17 to create a payload for his spam, and that kit will come with technical support. "You can't get that from Microsoft or any company, my company included," Klein quipped. "These phishing kits have been around for years, but the breadth of what's available is really impressive."

Jens Hinrichsen, product marketing manager for RSA's online threats managed services group, told the forum that he's seeing a disturbingly similar trend. "Double click, and a newbie fraudster can within two seconds create a phishing attack that's ready to go," he said. "We're really seeing a lot of price compression in terms of the tools available."

RSA is seeing about 200 different organizations being imitated by phishing campaigns each month, according to RSA statistics for June. "Of that number, about 35 of those organizations had never been targeted by phishers before," Hinrichsen said, adding. "Of those 35 institutions, about 12 were federal credit unions. Phishing's not going away anywhere soon."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll