Your spam is getting dangerous

Spam, once just an annoyance, is becoming downright dangerous.

In 2004, Bill Gates said “two years from now, spam will be solved.” That never happened. And while the spam rate saw a steady decline after 2011, there has been an recent uptick as the maliciousness of spam has increased.

In the first half of 2017, the spam rate reached 54 percent, after bottoming out at 53 percent for both 2015 and 2016 with “all signs point to a continuation of this upward trajectory,” software security giant Symantec said in an October 2017 internet security report.


The report cites email as the most frequently used delivery mechanism for malware. “No other distribution channel comes close,” Symantec said. “The attackers just fire off a spam message to a target...and that’s it—no need to rely on indirect methods where the target might or might not visit a compromised site or click a malicious banner ad."

“It is a direct channel to an end user...[and] can cut a large swath through a variety of network security layers," Symantec added. Malicious spam can also often result in ransomware, a Symantec spokesperson told Fox News.

Enter infamous spambots

Lately, the operative word is "malicious" for spam arriving in your inbox.

"A lot of spam is aimed at dropping malware on your machine," Jonathan Penn, Director of Strategy internet security firm Avast, which offers products such as Avast Internet Security, told Fox News.

"That malware is often a botnet, and botnets are especially stealthy since their value is directly tied to how long they can remain undetected," Penn added.

The most widely used method to distribute malicious email is spambots, which is often part of a larger botnet – a bunch of Internet-connected devices running bots – and is “one of many tasks that the particular botnet carries out,” according to the Symantec report.

The Onliner spambot, which bypassed email filters to make it appear as though the emails were coming from legitimate sources, got a lot of attention this past summer because it inadvertently exposed its own email spamming list that included 711 million addresses.


“The social engineering is nuanced, designed to trick the recipient into clicking on the attachment, thus triggering a copy of the Ursnif Trojan to install," Adam Levin, chairman CyberScout LLC, a provider of internet security solutions, wrote in a blog post.

Onliner was used to deliver malware into inboxes, resulting in more than 100,000 unique infections across the world, according to a report in technology website ZDNet.

Other infamous malicious spam includes Emotet, which is often disguised as a legitimate PDF file or invoice, and the Tofsee spambot which may contain links within the emails that lead to phishing sites, “where any personal details entered are likely used for identity theft or romance scams,” according to the Symantec report.