Tag Archives: SPAM

PIR Launches DNS Abuse Institute To Protect Internet Users From Scourge of DNS Abuse

Public Interest Registry announced Wednesday the launch of the DNS Abuse Institute as part of its ongoing efforts to protect Internet users from the threat of DNS Abuse such as malware, botnets, phishing, pharming and spam.


Has GDPR Contributed To Spam Decline? 2 Organisations Say It’s Too Early To Tell

Recently threat intelligence organisation Recorded Future published a blog post suggesting “spammers are not — at least at this time — rushing to launch new campaigns because of GDPR-enforced WHOIS privacy rules.”

The General Data Protection Regulation, which came into force on 25 May, seeks to give individuals more control over their personal data and to simplify data protection regulation in the European Union to one rule for all countries. Recorded Future published spam volumes compiled by Cisco, which found that “on May 1, 2018, the total volume of email was 433.9 billion messages; spam accounted for 370.04 billion messages, or 85.28 percent of all email. On August 1, 2018, the total volume of messages was 361.83 billion, with 85.14 percent, or 308.05 billion messages, identified as spam. While the total volume of email fell precipitously, most likely due to a combination of seasonal email fluctuations and as the result of newly enforced privacy standards, the percentage of spam remained roughly the same.”

Recorded Future surmised that “spammers are not — at least at this time — rushing to launch new campaigns because of GDPR-enforced WHOIS privacy rules. Spam is still a big problem, but it has not become a bigger problem, contrary to popular opinions among security researchers.”

Spamhaus has taken a similar view. They note “the real answer is that it is far too early to tell.”

“Before GDPR came into effect, records such as a domain’s registered owner and registered contacts could be looked up in WHOIS databases maintained by individual registrars governed by ICANN.”

“WHOIS information was used by researchers in organisations such as Spamhaus to help determine a domain’s reputation. Domains determined from this and other factors to have a bad reputation would have potentially been listed on our Domain Block List (DBL).”

Spamhaus goes on to note that “whilst the lack of some of this information is tiresome and makes a security researcher’s job a little more difficult, it isn’t insurmountable. Spam will be blocked. Domains will continue to be added to our DBL and email will be filtered accordingly.”

“It’s true, spam rates have dropped marginally since May 2018. Spamhaus never anticipated a tsunami of spam to follow GDPR, however current claims that spam has fallen as a result of GDPR are unconvincing.

“Of course, it could be that legitimate companies, who are concerned about being GDPR compliant, have started purging email lists and are sending less ‘legit’ spam. However, one needs to remember that spam from legitimate companies accounts for a very small percentage of overall spam numbers, so any reduction in this area would have a minute impact on the figures.

“Another theory could be that due to the changes on WHOIS fewer bad domains are being identified and therefore some anti-spam systems are flagging less email.

“Nonetheless, this small reduction in spam is more than likely down to the natural ebb and flow of spam volumes, which have always been highly variable, just like botnet traffic.”

Spamhaus note there could be “numerous non-GDPR related reasons as to why there’s been a recent drop in spam email ranging from the spambots which are currently in operation (or not in operation as the case may be) to who has been arrested recently!”

So Spamhaus say there’s “no hard evidence we have seen proving that this current decline in spam is as a direct result of GDPR…it will be interesting to see what the volumes of spam are like over Black Friday and the subsequent Christmas holidays.”

They also suggest the drop in spam levels being attributed to the GDPR is a “vacuous claim, unless it’s worth considering that snowshoe spammers don’t need as many new identities now that their current ones are withheld on WHOIS.”

“A more likely explanation to the drop in domain name registrations could be something as simple as top-level domains (TLDs) not having run any ‘specials’ recently (everyone loves a bargain, even a cybercriminal).”

But Spamhaus suggests that prohibiting personal details being visible on Whois “will hamper, if not stop, organisations being able to join the dots and identify gangs of professional cybercriminals who have a mechanism of fraud that is proving successful.”

According to Spamhaus “researchers collect all kinds of information from WHOIS. This data allows us to identify patterns in spamming activity, and build intelligence to attribute it to specific spam gangs.”

Whois data are “small but critical pieces of data [that] can become crucial to investigations later down the line, although they may not be obvious at the time. This evidence can assist law enforcement agencies to pursue these prolific gangs who are defrauding significant amounts of people of vast quantities of money”, and “even fraudulent information that is used in a WHOIS record can be used against criminals.”

Spam and Phishing in Q1: New domains revitalise old spam: Kaspersky

[news release] The new range of top level domains, launched in January 2015 and intended for use by relevant communities and organizations, has proved irresistible to spammers according to Kaspersky Lab’s Q1 2015 analysis of the spam and phishing threats landscape. For many the new domains represent an excellent tool for promoting unwanted or illegitimate advertising campaigns.

Spam and phishing statistics

  • The proportion of spam in email traffic according to the figures for the first quarter of 2015 was 59.2%, which is 6 percentage points lower than in the previous quarter.
  • The USA retained its position as the biggest source of spam, sending 14.5% of unwanted mail.
  • Kaspersky Lab products recorded 50,077,057 instances that triggered the “Antiphishing” system. This was 1 million more than in the previous quarter.
  • Phishing against customers of financial organizations accounted for 37.06% of all registered incidents.

[Figure: Kaspersky, proportion of spam in email traffic, October 2014 – March 2015]

New domain scams

The new generic top-level domain (gTLD) registration program gives organizations the opportunity to choose a domain zone that is consistent with their activities and the theme of their sites. For example, job websites can now use a .work domain and scientific websites could choose a .science domain etc. The business opportunities provided by the new gTLD program were enthusiastically endorsed by the Internet community and the active registration of new domain names is ongoing.

Spammers and cybercriminals have also been quick to react to the trend. As a result of their activities, new domain zones almost immediately became an arena for the large-scale distribution of advertising spam, phishing and malicious emails.

According to Kaspersky Lab’s email traffic observations, there was a considerable increase in the number of new domains that sent out spam content in Q1 2015.

Emails sent from the .work domains generally contained offers to carry out various types of work including household maintenance, construction or equipment installation. On the other hand, many of the messages from the .science domains were advertising schools that offer distance learning, colleges to train nurses, criminal lawyers and other professionals.

Q1’s spam traffic also featured many emails sent from color domains such as .pink, .red, or .black. These were often used to advertise Asian dating sites.

“When looking at Q1 in general and the type of spam on the new domains, insurance was one of the hottest topics in terms of the number of messages and the number of changing domains in mass mailings. This covers all types of insurance – life, health, property, cars, animals, and funeral insurance,” said Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab.

To learn more about spam and phishing operations in Q1 2015, please read the blog post available at Securelist.com.

This Kaspersky news release was sourced from:

NCC Group Launching Domain Assured To Provide Domain Abuse Monitoring

[news release] Global information assurance firm NCC Group is launching Domain Assured, a new service which monitors the abuse, health and reputation of internet domains.

The service is aimed at domain name registrars and new gTLD owners, and provides continual monitoring of the major domain abuse types such as spam, typosquatting, hosting of malicious code and phishing. These can all damage the reputation of an internet domain, resulting in lost revenues and trust as confidence from end users disappears.

Built on top of technology from NCC Group’s advanced research group, Domain Assured will use expert threat intelligence capabilities to deliver a complete, real-time picture of a domain’s threat landscape, enabling registrars and registries to take a proactive approach to seeking out abuse.

Rob Cotton, CEO at NCC Group said: “We are passionate about making the internet a safer place. Domain Assured will make a big impact in protecting organisations and their customers and ease the transition as the new gTLDs are rolled out.”

ICANN has decreed that registry operators have to adhere to a minimum level of technical analysis regarding threats to their TLDs. Domain Assured ensures this standard is met and exceeded by delivering a complete picture of a domain’s threat landscape.

The scalable cloud-based solution can monitor millions of domains while providing rapid notifications of abuse. It makes use of NCC Group’s own algorithms to predict issues before they arise. Abuse thresholds can be configured to filter out potential false positives through the user-friendly customer portal, which is available 24/7.

Domain Assured will be a tiered offering, with additional services available on top of the comprehensive monitoring. These add-ons include an additional proactive component, where any flagged issues are dealt with immediately by NCC Group’s security testing and website performance teams.

Rob continued: “Our global reach and size means we can provide this service on a massive scale. We have legal and technical teams in house dedicated to monitoring and solving each case of abuse.

“Domain abuse can damage the reputation of registries and registrars, as well as harming end users. Domain Assured uses our threat intelligence capabilities to ensure customers have a detailed dashboard of their domain environments.”

Domain Assured is the latest initiative from NCC Group in the domain space. Last year ICANN approved its escrow division as a gTLD escrow agent, while the Group has also acquired .trust from Deutsche Post, as part of its mission to create a secure and trusted internet environment through new gTLDs.

.PW Becomes Spammer’s Favourite

.PW, the ccTLD for the tiny Pacific island state of Palau that has been rebranded for the “professional web”, has been accused of becoming a haven for spammers.

According to a report in TechNewsWorld, “antispam vendors are now working to update their filters, and the original registrar is assisting in their efforts.”

.PW domains are offered relatively cheaply, making them attractive to spammers.

“This came out of nowhere,” Eric Park, a senior antispam analyst with Symantec, told TechNewsWorld.

“If you look at our TLD distribution, .com, .ru, .info — those are usually at the top of our list,” he said.

“But PW was by far the runaway number — even more than .com,” Park added.

According to the report, “not only is Symantec bolstering its filters to block the spam, but it’s also working with the owner of the domain to help curb abuse of it.”

“The registrar, from what I can tell, is interested in action to take the spammers down,” he said. “Not all registrars care, but these guys seem interested in working with us to shut them out because it’s damaging the brand they’re trying to push.”

To read the TechNewsWorld report in full, go to:

ICANN’s promise to clean up Spam

Here at Domain Pulse we have posted about the increasing spam problem and ICANN’s promise to clean up this issue. At this point in time there has been no follow-up from ICANN; the public complaint made by the Knujon anti-spam service has basically been disregarded. When will ICANN act on this matter?

Now, Knujon founder Garth Bruen has formally requested ICANN to shut down the Beijing-based registrar at the top of the list, Xinnet Bei Gong Da Software. According to a new document that Bruen sent to ICANN this week, none of the WHOIS records in a sample of 11,000 alleged spam sites registered through Xinnet and reported by Knujon to ICANN’s Whois Data Problem Report System were corrected in a six-month period ending in May 2008. In many cases, says the document, Xinnet does not have “any Whois record data for review while the sites are still active.”

To read about this issue further: http://www.thestandard.com/news/2008/06/20/will-icann-take-action-against-worst-chinese-registrar