How spam and botnets have become big business [Q&A]


Botnets are not a new problem, but they remain a key part of the cyber criminal's armoury. The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), a global industry forum dedicated to promoting best practices in cyber security, has issued its first report looking at the level of botnet infection. Based on information provided by ISPs covering over 43 million subscribers in the US and Europe, it concludes that around one percent of consumers are infected by a bot. The good news is that notification rates are high, with between 94 and 99.82 percent of those infected being notified of the problem by their ISP.

Even on those numbers botnets are a major problem. We spoke to Ken Simpson, CEO of outbound traffic security company MailChannels and co-chair of M3AAWG's Botnet Subcommittee, to find out how botnets and spam have become big business.

BN: What is the M3AAWG?

KS: It was founded about 10 years ago by a group of international ISPs. The mission of the organization is to bring together all of the people involved in transacting the world’s email so that they can create standards and work together to fight back against very well-funded criminal networks.

BN: Can you give us an overview of the current state of the spam industry?

KS: A lot of internet users aren't aware that there's actually a huge amount of spam going on. They have spam filters and most of the time the filter keeps spam out.

These days a large proportion of the spam that's sent around the world is not trying to sell you something. What cyber criminals have realized is that trying to sell you some Viagra pills doesn't make as much money as it used to. What they're doing now is focusing on exploitation, financial information and private identity information that they can use to steal money from your bank account or get you to participate in some fraud.

KS: This is a massive problem; the scale of fraud and cyber crime being spread over email has to be in the tens of billions per year. It's not just individuals being targeted, either; it's institutions of all sizes. What we try to do at MailChannels is provide software and services to help the ISPs who originate the mail traffic protect their users. We help them identify the bad stuff as it goes out onto the internet so that they can block it and protect the rest of the web.

BN: Why would service providers care about providing protection?

KS: If they don't do something the global reputation of their email will suffer and their network will get blocked. This means their users wouldn't be able to send email any more because it would be blocked everywhere else.

BN: How important are botnets in all of this?

KS: One of the leading botnet researchers recently told me that the world of botnets has never been more interesting. There are more sophisticated botnets than ever before and they're engaging in a wider array of bad behavior. There's a whole ecosystem of players who are running these botnets, renting time on them and selling them for different services. If you wanted to carry out some cyber crime yourself you could go to an internet forum and rent time on a botnet to do whatever you wanted -- distribute malware, send spam or run a denial of service attack. It's also very cost effective because it's a competitive marketplace.

BN: There seems to have been a shift in the type of spam recently, towards sending fake invoices for example, is this significant?

KS: There's a move away from traditional spamming, which has an extremely low return per email message, to more concentrated financial fraud. If you get a Viagra spam email then maybe you spend $50 on purchasing pharmaceuticals, but the spammer makes only a tiny slice because he has to source the product and send it out, he may make only $3 or so on the transaction.

But if I manage to convince you that your company owes $5,000 to my fictitious organization and I get you to wire transfer that, then I get $5,000. I don't have to hit as many victims to make that pay off pretty quickly. This isn’t just a few spammers, it's criminal networks with some very nasty people behind them.

BN: Does this activity originate only in failed states or is it a global issue?

KS: There are spammers operating in every country, but the ones operating in places like the US, UK and Canada tend to be the string pullers. They'll develop the infrastructure and they tend to be involved more in traditional spamming, selling products. The actual dirty work will be subcontracted elsewhere.

Countries like Ukraine have little regulation because the country is so broken by war and corruption. They literally have call centers taking support inquiries for extortion schemes. Government is effectively neutralized by criminal interests, so if you pay off the right people things like ransomware scams can operate pretty much in the open.

BN: So the whole operation has become very professional rather than the common idea of a hacker working from his bedroom?

KS: It ranges across the spectrum. One of the things that my company offers is an outbound protection service for service providers who don't want to spend time trying to maintain their email reputation.

Around two-thirds of the attempted signups for this come from spammers and phishers, and most of the phishing signups come from northern Africa and Indonesia. They're very open because in their countries there's zero chance of any enforcement finding them. They will phish services like PayPal and, even though individually they might not do a lot of damage, collectively they do a lot and they're very difficult to find. They may be committing all of their cyber crime from a laptop in an internet cafe.

So, while there's sophistication, there are also thousands of people operating at a lower 'street smart' level to attempt to extort users of online services. They often work within their own language area, so you get phishers working in Morocco or Algeria targeting customers of French banks, for example.

BN: Is phishing cyclical? Do scammers target PayPal one week, Barclays the next, a French bank the week after?

KS: I get the sense that it is, because it takes time to develop a campaign: you have to replicate the target website, so they do tend to hit one at a time. Because there are lots of these guys working on the same thing, many institutions are being hit in parallel, but it's not like one person is hitting all of the institutions. Smaller financial institutions see periodic waves where their customers will see nothing for months and then get hit by thousands of email messages. Larger ones like PayPal are being phished 24 hours a day; domain names similar to PayPal are being constantly registered. It's like a tidal wave.

You can find out more about the botnet report on the M3AAWG blog.

Image credit: Gunnar Assmy/Shutterstock


© 1998-2024 BetaNews, Inc. All Rights Reserved.