The evolution of spam

Spam (unsolicited bulk advertising via email) made its first appearance in the mid 1990s, ie, as soon as enough people were using email to make this a cost-effective form of advertising. By 1997, spam was regarded as being a problem, and the first Real-Time Black List (RBL) appeared in the same year.

The development of spammer techniques

Spammer techniques have evolved in response to the appearance of more and better filters. As soon as security firms develop effective filters, spammers change their tactics to avoid the new spam blockers. This leads to a vicious circle, with spammers re-investing profits into developing new techniques to evade new spam filters.

Direct mailing
Initially, spam was sent directly to users. In fact, spammers didn’t even need to disguise the sender information. This early spam was easy enough to block: if you blacklisted specific sender or IP addresses, you were safe. In response, spammers began spoofing sender addresses and forging other technical information.

Open relay
In the mid-1990s all email servers were open relay – any sender could send an email to any recipient. Spam and other security issues led administrators to start reconfiguring mail servers worldwide. However, the process was relatively slow, and not all mail server owners and administrators were willing to cooperate. Once the process was well underway, security analysts began scanning for the remaining open relay mail servers. These DNS RBLs were made available, making it possible for, security conscious administrators to block incoming mail from listed servers. However, open relay servers are still used for mass mailing.

Modem pool
As soon as sending spam via open relay became less efficient, spammers began to use dial-up connections. They exploited the way in which ISP providers structured dial up services and utilized weaknesses in the system:

As a rule, ISP mail servers forward incoming mail from clients.

  • Dial-up connections are supported by dynamic IP addresses. Spammers can therefore use a new IP address for every mailing session.
  • In answer to spammer exploitation, ISP providers began to limit the number of emails a user could send in any one session. Lists of suspect dial-up addresses and filters which blocked mail from these addresses appeared on the Internet.

Proxy servers
The new century saw spammers switching to high-speed Internet connections and exploiting hardware vulnerabilities. Cable and ADSL connections allowed spammers to send mass mailing cheaply and quickly. In addition, spammers rapidly discovered that many ADSL modems had built-in socks servers or HTTP proxy servers. Both are simply utilities that divide an Internet channel between multiple computers. The important feature was that anybody from anywhere in the world could access these servers since they had no protection at all. In other words, malicious users could use other people’s ADSL connections to do whatever they pleased, including, naturally, sending spam. Moreover, the spam would look as if it had been sent from the victim’s IP address. Since millions of people worldwide had these connections, spammers had a field day until hardware manufacturers began securing their equipment.


Spam and phishing in Q1 2018

The quarter’s main topic, one that we will likely return to many times this year, is personal data. It remains one of the most sought-after wares in the world of information technology for app and service developers, owners of various agencies, and, of course, cybercriminals. Unfortunately, many users still fail to grasp the need to protect their personal information and don’t pay attention to who and how their data is transferred in social media. Read Full Article


Tens of thousands per Gram

In late 2017, information appeared on specialized resources about a Telegram ICO to finance the launch of its own blockchain platform. The lack of information provided fertile ground for scammers: the rumors prompted mailshots seemingly from official representatives of the platform, inviting people to take part in the ICO and purchase tokens. Read Full Article


Every little bitcoin helps

It often happens that inventions and technologies that start out good end up turning into dangerous tools in the hands of criminals. Blockchain is no exception to this rule, especially in its most common cryptocurrency incarnation. The attacks targeted employees of small companies, but such emails could be sent to any user’s personal mail. Read Full Article


IT threat evolution Q3 2017

Our growing dependence on technology, connectivity and data means that businesses present a bigger attack surface than ever. Targeted attackers have become more adept at exploiting their victims’ vulnerabilities to penetrate corporate defences while ‘flying under the radar’. Read Full Article


Spam and phishing in Q3 2017

In terms of the average share of spam in global email traffic (58.02%), the third quarter of 2017 was almost identical to the previous reporting period: once again growth was slightly more than one percentage point – 1.05 (and 1.07 p.p. in Q2 2017). As in previous quarters, spammers were quick to react to high-profile events and adapted their fraudulent emails to the news agenda. Read Full Article


Spam and phishing in Q2 2017

In Q2 2017, the average share of spam in global email traffic amounted to 56.97%, which was only 1.07 p.p. more than in the previous quarter. One of the most notable events of this quarter – the WannaCry epidemic – did not go unnoticed by spammers: numerous mass mailings contained offers of assistance in combating the ransomware. Read Full Article