
SANS ISC InfoSec Handlers Diary Blog



The Sad Reality of Spam/Phishing Attempts

Published: 2011-03-14
Last Updated: 2011-03-14 22:11:30 UTC
by Lorna Hutcheson (Version: 1)
7 comment(s)

Just for grins, I opened the spam folder on a Gmail account I have and thought I'd take a look at what was in there, since I hadn't looked lately. By the way, for those who ask quite regularly where they can find malware to analyze, my spam folder is one of my first sources of new malware. In the last 30 days, I have received approximately 707 spam emails, which averages to about 24 pieces of spam a day. I can find topics such as:

"Please i need your assistance"

and

"YOUR EMAIL HAS WON $500,000.00 USD"

to the more malicious ones carrying malware (complete with attachments), such as:

"Kindly open the attachment"

or

"You have 1 unread Message!"

and those that ask me for my data, like:

"Fill & Return For Claims"

or

"Fraud Alert!!!"

This doesn't even include the ones where I can buy drugs, save my Visa card from being canceled, update my password before it expires, open a greeting card from someone I don't know, etc. I even found one in there from a friend's email address, so they are either compromised or their email address is being used (yes, I'll tell them and ask them to check their system).

One would think, from looking at the scam names used above, the misspellings and bad grammar in most of the emails, the amount of publicity on the topic of spam/phishing attempts, etc., that they would not work. However, the sad reality is that spam/phishing is so rampant because it does work. We are again seeing first hand the efforts to capitalize on the tsunami disaster that Bojan wrote about in the diary entry isc.sans.edu/diary/Tsunami+in+Japan+and+self+modifying+RogueAV+code/10543. Antivirus vendors are reporting that, on average, spam makes up over 80% of email traffic. That is a significant amount of email (no wonder my spam folder is so full), and by sheer numbers alone, it is going to work. Many organizations have email gateways to filter out the miscreants, but at the same time, many do not block web-based email accounts, which defeats the whole purpose of having an email gateway.

According to what I have been able to research (I didn't even have a computer then to know anything about it), the first spam email was sent on May 1st, 1978. It was sent by a DEC marketing representative to every ARPANET address. Spam in one form or another has been increasing ever since then, really picking up steam in the 90s. One would think that, with the passage of that much time, we would have been able to educate people on how not to fall prey to such events.

I still think education of the user is key, and sadly spam/phishing attempts have become part of the "normal" noise on the Internet. As sad as this is, there is one bright note: at least with my daily dose of spam, I'll be able to have all the fresh malware I can analyze.
