'Do-It-Yourself' Home Business Scams: Spammers' Tool For 2009

McAfee’s Avert Labs has released predictions on spam trends for 2009.

Free Web-hosting/ Blogging Services will be Increasingly Abused by Spammers

By allowing people to create a public website without the authentication necessary to purchase a domain name, websites like Geocities, Blogspot, and Live facilitate a spammer’s ability to get their message across with a minimal expenditure of resources.

Spam that is hosted from do-it-yourself social websites arrives at the destination with far greater frequency than links pointing to domain names assigned by legitimate registrars. With little to no threat of punishment for their hosted content, and the new restrictions on short-term domain testing, the attractiveness of free bandwidth offered by these sites will undoubtedly draw greater focus from malicious parties.

More Targeted Phishing and Corporate Blackmailing

Botnets that spread into corporate networks and financial data centres will increasingly be used to gather sensitive information that can be used for blackmail or sold on the underground market. Browser-based attacks will increasingly be used as the least protected vector in order to transfer payload. Security breaches of confidential data managed by partner and subsidiary companies will force an overhaul of data security practices.

2008 also had an increase in localised phishing campaigns, especially on college campuses, where professional looking e-mails claiming to be associated with the school’s financial or scholarship department were blasted to all the students at the school. This is a significant danger to people, who are just becoming responsible for their own finances. These types of phishing attacks are likely to be more effective per mail than their global cousins.

More Scams Involving Home Businesses

‘Legitimate’ home business scams generally involve either a pay up front and ‘Do-It-Yourself’ kit, or a pay-to-play shell game of training and certification. We’ll see more of it on the television, and the same infrastructure that supports diploma spam and confidence fraud will adjust to the new unemployment reality and will offer people some new bait on the old check cashing scam.

Increase in Forging and Abuse of Free e-Mail Services

The free e-mail services have started to allow accounts to send mails with arbitrary ‘from’ addresses. This has increased the usability of these services significantly to businesses, but has also increased the ‘abusability’ by spammers. Shared SPF and SenderID records call to question the purpose of having them in the first place. The need for Domain Keys Identification Mail (DKIM), PGP key signing, and secondary authentication mechanisms will become more important to a basic business security model.

New Businesses to Replace Lost McColo Hosting

Hosting companies will be set up in countries that are eager to embrace a burgeoning Internet market and will offer services to replace the disrupted command and control centres formerly hosted by McColo. These may be used as pawns by entities that perceive strategic value in sculpting the battlefield of the future.

Conclusion

In conclusion, McAfee Avert Labs recommends that enterprises assure their software and patches are up-to-date, and that they implement a multi-layered approach to pre-emptively detect and block attacks.