The very first spam email was sent by Gary Thuerk to about 400 recipients on 3 May 1978 over the Internet’s predecessor, ARPANET (Advanced Research Projects Agency NETwork). In April 2018, the daily average volume of spam was nearly 375 billion, according to Tallos. The original spam is a canned meat product and email 'spam' was named after a sketch from the Monty Python’s Flying Circus comedy programme. The use of the term spam expanded into other electronic communications since then. It is used for unsolicited communication in instant messaging, calls, social media, etc.
Kaspersky Lab has published a 2017 spam and phishing report. According to the report, the share of spam in e-mail traffic is down to 56.63%, having decreased by 1.68% since 2016. The US remains the biggest source of spam (13.21%) followed by China (11.25%). However, the anti-phishing systems have identified an increase of nearly 58% of phishing attempts. The report informs a significant increase of scam pages migrating to HTTPS making it harder for users to reveal fraud.
Necurs, one of the largest known spam bot, distributed spam emails promoting an ill repute cryptocurrency named Swisscoin, reported BleepingComputer. The well-known pump & dump strategy usually used for manipulating stocks of companies has been applied in cryptocurrency environment on large scale for the first time. The actual impact is hard to measure because the first spam emails were distributed on the same day the Swisscoin currency was released for trading after more than 50 days of suspension period. The pump & dump manipulations of cryptocurrencies are not new. For example Business Insider wrote about pump & dump cryptocurrency market manipulations in November 2017.
Spamhaus Malware Labs issued block List (SBL) listings for more than 9,500 botnet Command & Control servers on 1,122 different networks in 2017. Botnet controllers play a key role in operations conducted by cybercriminals who are using infected machines to send out spam, ransomware, launch DDoS attacks, commit banking fraud, click-fraud or to mine cryptocurrencies. The report expects that that securing and protecting IoT devices will be a core topic in 2018. In conclusion Spamhaus urges registries and registrars to take their responsibility by implementing appropriate mechanisms to prevent fraudulent domain registrations.
Researchers have discovered a botnet, called Onliner, that has collected 711 million email accounts used to send spam messages. An open and accessible web server storing databases of addresses, passwords and email servers for sending spam was hosted in the Netherlands, ZDNet reported. The credential emails and servers are used by spammers to avoid spam filters. Among other, this spam-bot is believed to have distributed over 100,000 unique infections of a banking malware Ursnif to inboxes around the world.
The global spam rate for July was the highest seen since March 2015, increasing to 54.9 percent, reports Symantec in its July Intelligence report. Similar proportion of spam also reports the Kaspersky lab in its Spam and phishing in Q2 2017 report, however not indicating a peak in spam traffic. Both companies use their own metrics and mostly report on spam identified by their systems.
The Australian Competition and Consumer Commission (ACCC) is taking action against two domain name registrars that have been sending out unsolicited communications to its business clients. According to ACCC, the notices sent by the two registrars looked like renewal invoices for their clients’ domain names, while, in reality, they were invoices for the registration of a new domain name (similar to the ones the companies already had). Between November 2015 and April 2017, there were around 300 000 such notices sent to business registrants, many of which ended up paying, unwittingly, for a new domain name that they might have not needed or wanted.
The social network botnet called Siren algorithmically created Twitter accounts and generated more than 8.5 million spam tweets. ZeroFOX, a company that discovered the botnet, believes this has been one of the largest spam campaigns on social media so far. The botnet used sophisticated techniques in order to deceive various anti-spam tools used by Twitter and Google. Siren gained over 30 million clicks from its victims. Although the links led to sites related to porn services they, reportedly, did not contain any malware. Nevertheless this case demonstrates some weak points and vulnerabilities of new communication tools. Spammers have been increasingly re-focusing their vectors of attack shifting from email to other channels like social media and instant messengers.
The Government of Canada has suspended the provision of Canada’s Anti-Spam Legislation (CASL) that enabled a private right of action to be brought as of July 1, 2017. The suspended provision would have allowed lawsuits to be filed against individuals and organizations for alleged violations of the anti-spam legislation. The CASL regulation is considered to be one of the strictest anti-spam regulations world-wide. CASL operates under the opt-in principle which means that senders need to obtain permission before the message is sent. Canadian government suspended the provision in response to broad-based concerns raised by businesses, charities and the not-for-profit sector.
Spamhaus reported that the government of France provides lists of email addresses to French political candidates to be used when sending campaign emails. The list reportedly provided by the government contained spamtrap email addresses that are used by Spamhaus for their anti-spam operations. These emails could not be enrolled to this list voluntarily and do not belong to French voters. It seems that these lists might have been provided directly to the candidates.