Spammers change distribution tactics
Criminals using new ways to avoid detection, warn experts
Internet criminals are changing the methods they use to send spam to businesses to remain undetected for longer, IT security experts have warned.
According to research by UK security firm BlackSpider Technologies, spammers are developing stealth distribution tactics to bombard businesses with email advertising, and are using computer viruses to build vast networks of compromised machines to do their work.
Instead of launching mass spam mailings from a few machines, the spammers are trying to build vast ‘botnets’ of virus-infected computers. Each machine sends out smaller numbers of junk emails, to go undetected for longer.
BlackSpider recently detected one huge botnet comprising 150,000 machines that were spamming UK businesses with 50 million identical emails per day, unbeknown to the compromised computers’ users.
‘It works out at about 330 emails sent from each PC per day,’ said James Kay, chief technology officer at BlackSpider. ‘If we assume that many PC users are online for a working day, that means the spam emails are being distributed at a rate of 40 per hour.’
Analyst Forrester Research says that because these spam emails are distributed slowly, users are far less likely to experience performance issues with their computers and take action.
‘This is not just troublesome or bothersome, it is costing companies money,’ said Thomas Raschke, senior analyst at Forrester.
‘We are seeing a change in the threat vector. Criminals are trying to go under the radar, going into machines without being seen and then back out again.’
But detective constable Richard Billington, from the Metropolitan Police’s computer crime unit, says that although some criminals are adopting this new method, most spammers are not so sophisticated.
‘If criminals have only managed to build a small botnet and have to get lots of emails out in a short period of time, they will have to hammer the resources they have and they will get noticed,’ he said.
Billington says ‘bot herders’ that control the networks are also using infected machines to distribute viruses, to try to recruit more computers.