Barack Obama, Paris Hilton and Britney Spears might be three of the world's most visible people, but when it comes to celebrity spam circulating the Internet, the trio has nothing on Angelina Jolie. The mother of six inspired an average 2.28% of the total daily email volume on the planet in July, the bulk of it using her name and the word naked in the subject line, according to the research labs at Secure Computing, a provider of enterprise gateway security (The Angelina Jolie campaign contains a URL linked to an executable binary, mostly seen as msvideoc.exe hosted at multiple domains, the report explains.)
Indeed, Jolie-inspired spam attacks far outstrip those generated by other top celebrities. According to data culled by Secure Computing labs, the actress's name is used fivefold more times (45%) in spam campaigns than Barack Obama's (9%), the distant second-place finisher followed closely by Hilton (7%), then Spears (about 4%).
The celebrity stats are, however, a sidelight in Secure Computing's Internet Threat Report published in mid-August, which provided a sober look at the top network traffic threats of second-quarter 2008 and predictions for the remainder of the year.
According to the report, spam grew an eyebrow-raising 280% during the second quarter of 2008, compared with the same period a year ago. The good news is that the volume is actually down 40% from the previous quarter, marking a low ebb for the year. Zombies are in retreat. Last summer, new Zombies spawned at a rate of 300,000 per day, while this summer's numbers are half that.
But companies should not be lulled by the decline, said Sven Krasser, the director of data mining for Secure Computing's Trusted Source labs, who pointed to trends that indicate spam's inexorable upward trajectory. Every day, the crime families prowling the Internet for gain develop new vectors of attack.
"The general thing that we see are blended threats, something very prolific at this point," Krasser said. "The attacks blend email and Web threats or email messages that contain links and lures to make you click on the link."
Since many companies employ antivirus solutions at the email gateway, the criminal intent is to circumvent that by using a link to the malware. Without integrated and correlated protection between the two, a company's ability to stay ahead of these threats will become more difficult, Krasser said.
In addition to using movie stars like Jolie, tried-and-true pitches for male enhancement products and prescription drugs are popular enticements to click on links. Cybercriminals also increasingly prey on our need to know, luring people in with promises of video on breaking news, such as an earthquake or political threat, the report found.
Swizzor, a fast-growing ad and spyware family accounted for more than 30% of all new malware in the second-quarter period. The ZBot spyware family also grew significantly this quarter, introducing a twist that intrigued Krasser. "The malware tries to break into your home router and change the DNS [domain name server] so it can redirect you to any website when you start browsing," he said. "It makes use of your network infrastructure and turns it against you." With the backdoor assault on infected computers, attackers gain full control of the compromised systems, which then can be used for distributed denial-of-service attacksor SPAM relaying.
Made in America, misplaced priorities
Other findings? The U.S. leads the world in spam, spewing some 16.6% of the world's volume. The figure is nearly three times that of the second-place contaminator, Russia (6.7%). Sex sells (duh) more than ever. The average number of porn sites appearing daily was 45% higher in the second quarter than in the first three months of this year, a trend partly attributable , says Secure Computing, to the increase in pornographic content on social networking sites and discussion boards. Plus, when it comes to spam, the word exotic is hardly a euphemism: 50% of all websites are now published in languages other than English, so those bad links to malware appear in many tongues.
In a report published July 31, analyst Simon Yates of Forrester Research , took a contrarian view, scolding security managers for fixation on malware when they should be focused on data protection. A Forrester survey of more than 1,000 security managers showed that they continue to list viruses, worms and spyware as their top security threats, despite a decrease in the prevalence of malware. And in a sense, that decline is good. "Since security directors consider malicious code a significant threat, it's no surprise that nearly 50% of enterprises have already adopted personal firewalls and patch management," he wrote. But data protection measures are woefully underadopted, and that needs to change, he urged.
Yates recommended that security operations managers start to rectify that protection gap by building a case for full disk encryption; looking into information leak protection tools and keeping the traditional security toolbox refreshed and up to date.
Oh, and on the celebrity spam stuff? Hillary Clinton shows up in the sixth place, right after Jessica Simpson and about even with President George W. Bush. As for Jolie paramour Brad Pitt, the handsome papa did make the top 10 list. Email using his name accounts for about 2% of celebrity spam, on par with Osama bin Laden and Michael Jackson.