MARCH 28, 2007
 (STAR) By Eden Estopace - Are we fast becoming a nation of "spammers"?

The result of the latest Symantec Internet Security Report released worldwide last week is most revealing: 88 percent of e-mail traffic coming from the Philippines is spam, or unsolicited bulk e-mail used with malicious intent.

If it is any consolation, spam is on the rise worldwide and not just in the Philippines.

The world’s leading spamming country is the United States, with 59 percent of its e-mail traffic categorized as spam. In the Asia-Pacific region and Japan (APJ), China has the largest number of outbound spam e-mails at 37 percent.

With the sheer number of e-mails originating from the two countries, spam from the Philippines may be comparatively small.

However, as a percentage of total e-mail traffic over a six-month period, the Philippines’ 88 percent may be a cause for alarm. The average for spam as a percentage of e-mail in the APJ is only 69 percent.

Other countries in the region with equally high percentages of spam in their e-mail traffic are Vietnam (86 percent), Sri Lanka (86 percent), Laos (85 percent), and Malaysia (84 percent).

Richard Velasco, senior sales engineer of Symantec Philippines, explains that spam, or the electronic version of junk mail, is a serious security concern as it can be used to send unwanted messages — often unsolicited advertising — to a large number of recipients and it can be used to deliver Trojans, viruses, worms, spyware, and targeted phishing attacks.

"By sending unsolicited e-mails, spammers lure the e-mail recipients to share confidential information via spam and phishing. Once the information is captured by the crime developers and hackers, they use it for financial gains," Velasco says.

Some spam e-mails, he says, secretly lay bots in unsuspecting PCs, which could capture confidential keystrokes or data in the PCs such as passwords, credit card numbers, bank account numbers and send these back to the hacker.

Still other bots use the host PC to launch spam at other networks or PCs. A PC that sends spam without the owner’s knowledge and is controlled by a hacker is called a spam zombie.

The top spam zombie sending country in the APJ is still China. Ranked second is South Korea, which Symantec says could be attributed to the fact that it has the highest broadband penetration per household in the world. The Philippines ranked ninth in APJ and 27th worldwide.

Velasco explains that the use of e-mail as a medium for launching attacks on the Web is logical.

"E-mail is commonly used as a personal and business communication tool. E-mail is user-friendly and affordable which makes it a prime target for launching attacks against unsuspecting users. A cyber criminal will use the digital address book of an unsuspecting Web surfer to send e-mails. When the person receives the e-mail and sees it is from a friend, there is a very high probability that he will click on that e-mail and do what the e-mail is requesting him to do," he explains.

The rise of spam from the Philippines can be attributed to the prevalence of pirated software in the country.

According to Velasco, pirated software can contain hidden Trojans or back doors, making the users who install them vulnerable to many different threats, including infection by spam bots.

Data from the Business Software Alliance showed that the piracy rate of the Philippines was 71 percent in 2005, which was way above the average in Asia of 53 percent. Incidentally, Vietnam, which has the second highest level of spam as a percentage of e-mail in the region, also has the highest piracy rate in Asia at 92 percent.

The new threat landscape

The Symantec study, conducted from July to December 2006, revealed an increase not just in spam but other forms of malicious attacks such as data theft, data leakage and the creation of targeted, malicious code for the purpose of stealing confidential information.

This seems to be a natural progression of Internet security threats that started long ago.

Symantec country sales manager Al Ramon de la Cruz, however, says the motive for launching security threats by hackers and crimeware developers has changed from purely personal achievement to financial gain.

This, he says, leaves both the individual PC and Internet user as well as enterprises vulnerable to attacks.

By sending unsolicited e-mails, for example, spammers lure the recipients to share confidential information.

Velasco discloses that the most common type of spam detected in the latter half of 2006 was related to financial services, which made up 30 percent of all spam on the Internet during this period.

Spam related to health services and products, on the other hand, made up 23 percent of all spam, while spam related to commercial products was the third most common type, accounting for 21 percent of the total.

"The rise in financially related spam was due mainly to a noticeable increase in stock market ‘pump and dump’ spam," he says.

Pump and dump is the term given to schemes in which criminals profit by creating an artificial interest in a stock they own. They buy a penny stock when the price is low. They then artificially pump up demand for the stock by sending out spam that appears to be from a respected stock adviser, but that actually contains false predictions of high performance for the stock.

"Recipients of the message, trusting the spam content, buy the stock, creating demand for it and thereby raising the price. When the prices are high enough, the perpetrators of the scheme sell their stock for a profit," Velasco explains.

Symantec Corp. has been conducting a study of the Internet threat environment since 2001. The Internet Security Threat Report (ISTR), now in its 11th edition, offers analysis and discussion of threats over a six-month period. It covers Internet attacks, vulnerabilities, malicious code, phishing, spam and security risks as well as future trends.

One of the key findings of the ISTR Volume XI is that "attackers are now refining their methods and consolidating their assets to create global networks that support coordinated criminal activity."

In the APJ, Symantec observed an average of 19,095 active distinct bot-infected computers per day. On average, the region accounted for about 30 percent of active bots worldwide. China was the most frequently targeted by Denial of Service (DoS) attacks, accounting for 63 percent of attacks in the region during this period. However, it was Taiwan which had the most malicious activity per Internet user in the APJ region.

Threats to confidential information made up 60 percent of the volume of the top 50 malicious code reports from the region. The top reported malicious code sample was the file-infecting worm Looked.P, while the most prevalent new malicious code family reported during the period was the Stration worm.

Data used in the ISTR analysis were culled from the Symantec Global Intelligence Network consisting of 40,000 registered sensors in 180 countries. The Symantec global coverage itself has four security operating centers and eight research centers, with 1,800 analysts and 6,200 managed security devices.

While Symantec software protects more than 370 million computers or e-mail accounts worldwide and 99 percent of Fortune 500 and 1,000 companies utilize Symantec products, it insists that the ISTR is vendor-neutral. It is not a survey of opinions or driven by marketing but it is an analysis of attacker methods and preferences.

Velasco says the Symantec Probe Network, which is a system of over two million decoy accounts, attracting e-mail messages from 20 different countries around the world, allows Symantec to gauge global spam and phishing activity.

The scope of the APJ-ISTR does not include behavioral profiles of cyber criminals or the socio-cultural implications of cyber activities. However, the report is available to the public and is an effort to understand the issues involving Internet security.

What Symantec executives in the Philippines are saying is that given the nature of the security environment today, there is a need for an in-depth defense strategy to combat attacks. This may include a collaboration of products, software and hardware to protect the network infrastructure from the end-point to the gateway.

Chief News Editor: Sol Jose Vanzi
