Abstract

The Internet is a decentralised structure that offers fast communication with a global reach, but also provides anonymity, a characteristic invaluable for committing illegal activities. Cybercrime has rapidly evolved in parallel with the spread of the Internet and e-commerce, but attacks via e-mail (spam) remain one of the major vectors for the dissemination of malware and are a predicate to many forms of cybercrime. Spam epitomises one of the earliest on-line criminal partnerships between malware authors and e-mail spammers, and it remains one of the most popular ‘social engineered’ means for spreading and injecting malware on computers and other digital devices. Unlike cybercrime that targets ‘low volume, high value’ victims such as banks and requires advanced hacking capability, spam enables malware to reach ‘high volume, low value’ targets, which are less likely to have effective anti-virus or other countermeasures in place. A typical example is the spread of malicious e-mails containing content that entices the recipient to click on a Uniform Resource Locator (URL) link to a malicious web site or to download a malicious attachment. Deception achieved through ‘social engineered’ e-mail messages is relatively well understood, but less is known about advanced methods like ‘spear phishing’ and whether different forms of social engineering are related to different types of malware and crime. Cloaking methods designed to disguise malicious executable files as fairly harmless documents, such as Microsoft Word files, PDF or text files, are now common. These include manipulating the encoding method, applying fake double extensions in compressed form and mimicking “URL shortening” services, amongst others, as means to mask malicious files and links and ensure their spread through the web.
Understanding the nature of spam activity and the threat posed by malicious spam e-mails, especially the prevalence, frequency, duration and severity of these common forms of cybercrime, is the key to prevention. States alone lack the capability to suppress spam and must rely on mutual interest and a host of non-state actors to perform tasks that are usually the province of law enforcement agencies. This research used ‘real world’ data sets from the Australian Communication Media Authority (ACMA) Spam Intelligence Database (SID) to describe the nature and trends in spam-borne malware. We processed 13,450,555 spam e-mails: of the 492,978 found with attachments, 21.4 percent were malicious, and of the 6,230,274 that contained a URL, 22.3 percent of the web links proved malicious. We argue that because the focus of IT security on perimeter protection is becoming increasingly ineffective, there is a need to refocus crime prevention activities on the modus operandi of offenders and victim vulnerabilities.
