Abstract
The Internet is a decentralised structure that offers fast communication with a global reach, but also provides anonymity, a characteristic invaluable for committing illegal activities. Cybercrime has rapidly evolved in parallel with the spread of the Internet and e-commerce but attacks via e-mail (spam) remain one of the major vectors for the dissemination of malware and is a predicate to many forms of cybercrime. Spam epitomises one of the earliest on-line criminal partnerships between malware authors and e-mail spammers and it remains one of the most popular ‘social engineered’ means for spreading and injecting malware on computers and other digital devices. Unlike cybercrime that targets ‘low volume, high value’ victims such as banks and requires advanced hacking capability, spam enables malware to reach ‘high volume, low value’ targets, which are less likely to have effective anti-virus or other countermeasures in place. A typical example is the spread of malicious e-mails, containing content that entices the recipient to click on a Uniform Resource Locator (URL) link to a malicious web site or download a malicious attachment. Deception achieved through ‘social engineered’ e-mail messages are relatively well understood but less is known about advanced methods like ‘spear phishing,’ and whether different forms of social engineering are related to different types of malware and crime. Cloaking methods designed to disguise malicious executable files as fairly harmless documents, such as Microsoft Word files, PDF or text file are now common. These include manipulating the encoding method, applying fake double extensions in compressed form, mimicking “URL shortening” services amongst others as means to mask malicious files and links ensuring their spread through the web. Understanding the nature of spam activity and the threat posed by malicious spam e-mails, especially the prevalence, frequency, duration and severity of these common forms of cybercrime are the key to prevention. Noting that states alone lack the capability to suppress spam and must rely on mutual interest and a host of non-state actors to perform tasks usually the province of law enforcement agencies. This research used ‘real world’ data sets from the Australian Communication Media Authority (ACMA) Spam Intelligence Database (SID) to describe the nature and trends in spam borne malware. We processed 13,450,555 spam e-mails: of the 492,978 found with attachments 21.4 percent were malicious, and of the 6,230,274 that contained a URL, 22.3 percent of the web links proved malicious. We argue that because the focus of IT security on perimeter-protection is becoming increasingly ineffective, there is a need to refocus crime prevention activities on the modus operandi of offenders and victim vulnerabilities.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.