SPAM, Bots, and Malware. Oh my!

Posted By: Jonathon Sanchez


Anyone who uses email knows about spam emails, and in 2010, there was an estimated 200 billion pieces of spam sent per day. However, recently, there seems to be an unexplained precipitous drop in spam. The one question that I have always had, as a person who was raised on technology, who actually falls for spam emails?

A University of San Diego and International Computer Institute joint research found that spam is big business. The researchers estimated that they could have made $7,000 per day. They ran a fake pharmaceutical website that mirrored a legitimate website. The faux-website asked for financial information and then told the user there was an error to try again. The actual hit rate was about .0127 percent of people who received the solicitation actually fell for the trick – since there is little limitation on how many e-mails can be sent out – the potential for big profits remainWhere do spams come from? Well us. Spam emails can have malware (malicious code) embedded in the machine that infects the machine. That in turn allows a remote user to use your machine to spread the spam to others. The United States accounts for more than 13.5% of total global spam, for example. But a small island of 50 people is, per capita, the leading sender of spam (unbeknownst to most of its residents). The very nature of what is spam, however, is changing.

The line between affliate marking (which is how amazon got its start) and spam can be thin. For example, is a twitterbot a type of spam? Twitter bots are online bots that pose as real people on twitter. There is a rising amount of them. Twitter tries to ban these bots, but people will pay to make sure their brand is trending. For example, the NFL team the Seattle Seahawks got caught red-handed trying to use twitter bots to get #Seahawks to be trending. Big business isn’t the only entity trying to leverage spam or malware, the NSA reportedly is using malware to use spying operations. Apparently, the NSA also used conventional cookies to track Tor users by utilizing google’s adsense tracking capabilities and most user’s use of default settings in their browsers regarding cookies.

Although to many users this won’t be as relevant, malware can even be used as a cyber-space weapon! Stuxnet is a tactical use of malware – that is widely believed to have been written by the United States – reportedly infected an Iranian nuclear facility. In fact, Stuxnet caused centrifuges to spin uncontrollably to cause damage that has delayed the Iranian’s use of nuclear energy (or to create bombs, depending on one’s political point of view). Analysts have also discovered that Stuxnet is far more sneaky than they originally knew. It may have even spread to a Russian nuclear facility inadvertantly (though one may want to take that news with a grain of salt).

Another even more annoying variant of malware is something called ransomeware! It’s far more invasive than the typical malware because it will freeze your computer, allegedly, unless the user pays to have the computer unlocked. It may also encrypt your files until you pay for it to be unlocked. Some of them will mimic a law enforcement website to appear more legitimate. A recent report indicates that nearly 2.9% of all infected users will pay out – total sum is nearing $5,000,000 a year.

So how can you prevent yourself from falling for spam or prevent malware from turning your computer into a zombie? First, don’t download anything from someone you don’t know. This might seem basic but “phishing” for user information is one of the most common ways crooks can get into your computer. Second, keep your computer up-to-date. Once a patch is released, crooks will use that exploit to infect computers who are slow to adoptp the patch. Third, a routine malware scan can detect and neutralize some malware you’ve encountered. Fourth, having a pop-up blocker installed is a must have. I would also suggest disabling javascript, but for some users that may be more annoying than its worth for them. Lastly, switching over to linux is the best option. That is what the space station did to combat its spam problem!

But remember to keep your smartphone protected, too. Malware coders can now put the malicious codes into html or other file formats that smartphones can execute.. There are a variety of different known malicious codes that vary in nefariousness from simply “Rick Rolling” a user to tracking a user’s location data to sending texts to premium numbers that a phone company would charge to your phone bill. Or, they can spoof popular apps and access the data that way, too. This will be even more pressing if users do adopt the e-wallet, such a google wallet, or other linking of their bank information on their phones. You can protect yourself similarly to how you protect your computer by being vigilant on what you install on your phone and run a malware protection app (here is another link for those who don’t have android phones). You can now even run linux (at least the ubuntu distribution) on your phone as well!


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s