Symantec report also notes, among other things, that spam levels jumped 5 percent from April to May, and reputable domains are favorite targets of cybercriminals.
Lance WhitneyContributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Spam now accounts for 90.4 percent of all e-mail, according to a report released Monday from security vendor Symantec. This means that 1 out of every 1.1 e-mails is junk. The report also notes that spam shot up 5.1 percent just from April to May.
Symantec's May 2009 MessageLabs Intelligence report reveals other disturbing trends, as well. Rather than just hijack disreputable Web sites, cybercriminals now favor older and well-established domains to host their malware. The report says 84.6 percent of all domains blocked for malicious content are more than a year old. One type of domain now especially vulnerable to threats is social networking, since most of the sites' content is created by users.
"Spammers using better-known and thus more widely trusted Web sites to host malware is reminiscent of the spammers who rely on well-known Web mail and social networking environments to host spam content," said Paul Wood, Symantec's MessageLabs Intelligence senior analyst. "The trustworthy older domains can be compromised through SQL injection attacks while newer sites are more likely to be flagged as suspicious--a temporary site set up with the sole purpose of distributing spam and malware--and thus faster to get shut down."
Where you live also determines when you're spammed, says the report. For people in the U.S., spam hits its peak between 9 a.m. and 10 a.m. and then drops overnight. Europeans get a solid stream of spam throughout the day, while users in Asia-Pacific countries find most spam waiting for them in the morning. One reason for this trend, says the report, is that most spammers are at their busiest during U.S. working hours.
The popular CAPTCHA program, which asks the user to type in a series of random characters, is no longer proving as effective as once hoped. Many Web sites have relied on CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to ensure that accounts are created by actual human beings.
But criminals have now succeeded in generating profiles with random names, apparently by using automated CAPTCHA breakers. The report notes that some major Web sites are now exploring other ways to block automated accounts, such as using photographic images that a user must analyze.