2009, according to the Chinese calendar, was the Year of the Ox:
‘People born in the Year of the Ox are patient, speak little, and inspire confidence in others.’ 1
Well that description pretty much sums up most of the spam sent in 2009: the perpetrators tended to say little in the messages, but oh did they inspire confidence in the criminal sense! 2009 showed a remarkable increase in Phishing/Fraud content. Why bother making 10 cents per click or selling fake pills for $4 when you can take over someone’s bank account or even better – their full identity?
Let’s compare the threat levels over time using this spam sample:
– 10 years ago the message would have contained a virus, created ‘for fun’
– 4 years ago the embedded malware would have turned your computer into a botnet
– In 2009, the malware would either have tried to steal your identity (by replacing the host file, messing with your web history, etc.) or it would simply have tried to steal money from you (especially in the case of love matching)
Notice there is no phone number, URL, email address, etc., only a Messenger ID. This trick was very popular in 1999 when ICQ was on top of the IM world. I guess with all the new scanning techniques, we’re back to Square 1: there’s only a simple ID with no domain name, which is more difficult to block.
We also saw the usual amount of junk as compared to other years, but messages like these were probably just used to improve the reputation for some botnet IPs. Unfortunately for the spammers – this technique doesn’t help them anymore =)
There was an increase in Health/Pharmacy spam over the past year, resulting in a high level of image spam: 95% involved pharmacy-related products. Again, there were no links to click or an email to contact, just a wavy image telling you what website to go to. Do these messages really work?
One type of fraud that didn’t increase this year was the ‘pump and dump’ style of spam. Of course, the market was down and people were broke so there was no point asking them to invest. Sell them Happy Pills instead! And, speaking of pills, I can’t ignore the Swine Flu spam. It was easy to take advantage of the initial panic by selling fake pills that could hurt or even kill people (assuming the scam victims actually received something). These types of spam were poorly made and contained scary-looking links. According to F-Secure, more than 250 websites were registered with the term ‘swine flu’ within days of the outbreak. These sites aimed to scare people by spreading false news about Hollywood stars falling ill with the virus.
So what will 2010, the Year of the Tiger, bring?
‘Tiger people are sensitive, given to deep thinking, capable of great sympathy.’ 1
Let’s just hope the Tigers of this world prevail this year and think long and hard before they click on anything that looks and sounds suspicious. And as for that other Tiger! well! he should definitely try deep thinking too before he leaps!
Sources:
1. The Chinese Culture Center of San Francisco
Leave a Comment