• United States



by Senior Editor

Report: Spammers Work by US Clocks and Target Facebook, Twitter

May 27, 20093 mins
Application SecurityBotnetsCybercrime

Research from Symantec finds spammers, like many Americans, work from 9 to 5 and now favor sites like Twitter and Facebook for dirty tricks

While many working Americans are heading into the office and starting their day, spammers are busy, too, readying for their next onslaught of junk messages. According to a new report from Symantec, spammers favor the same work schedule as the typical American office worker (Read another report on the findings here).

The research, conducted by Symantec’s MessageLabs, indicates that spammers are most active during the US working day for a variety of reasons, but could be because most are either based in the US, or find the workday a good time for potential success, said Paul Wood, MessageLabs Intelligence senior analyst.

“Like any direct-marketing agency, they have direct times when they will want to send their mail shots,” said Wood. “It’s usually in the mornings, when people are more receptive and have not yet gotten into their work cycle, before the inbox fills up.”

If you are located in the US, spam activity peaks at between 9 10 a.m. local time, and trails off to much lower levels overnight, according to the research. The report also said Europeans are likely to receive a steady stream of spam throughout their day, while users in the Asia-Pacific region are likely to start their day with an inbox already full of spam, with only small amounts trickling in after this point until the evening.

The incidence of spam on corporate networks has increased around 5 percent compared to last month’s MessageLabs analysis. Spam accounts for more than 90 percent of all email messages, according to the report. One in 317.8 emails in May contained malware and one in 404.7 emails comprised a phishing attack. More time spent on web mail and social networks is aiding in the increase, according to the report

“Active profiles on social networks are goldmines for spammers to lure unsuspecting users,” the report states. “All spammers use is a subject line and a valid hyperlink to active profiles on one of a number of major social networking sites. These emails originate from legitimate addresses on some of the main webmail providers making them harder to catch by regular anti-spam filters.”

Earlier this month many Facebook users were targeted in a phishing attack and Twitter has also been hacked by spammers recently (See Phishers Harvest Facebook Passwords for Profit ).

The report also finds legitimate, well-known sites such as Facebook, are just as dangerous, perhaps even riskier, when it comes to malware (See also: Most Web Sites are Vulnerable Now). Wood said a common assumption is that most web-based malware resides on less reputable websites, such as adult content sites. But MessageLabs analysis debunks this and finds cybercriminals appear to be more likely to hide malicious content on older domains that have been well-established. The report states 84.6 percent of website domains blocked for hosting malicious content are well-established domains that are over a year old.

“When you look at a lot of the domains that are being used to host the bad stuff, it’s interesting to find they are well-known domains, not necessarily ones that have been compromised through an injection attack,” said Wood. “They are domains that enable you to generate your own content, the Web 2.0 environment.”