Complex Spamming Operation
Spam and virus filtering is a complicated operation. The other week, a friend of mine contacted me about an article he was writing that would be exposing the complexity of an international spamming operation he and another researcher uncovered. As I read through the layers of data and reviewed the spammer's tactics, it became abundantly clear that spam is big business being carried out by sophisticated organizations using extreme tactics. The articles were written by Steve Ragan of CSO Online. The first article is "Spammers expose their entire operation through bad backups" and was posted on March 6th, 2017. In it, Steve details the sordid business that was uncovered as a result of data discovered by Chris Vickery, a security researcher with Mac Keeper. His post relating to the data collected is found here.
Forms of Spam
An aside here; spam comes in two main forms (each with many subtle derivations within each form). The form that has been around the longest is what I call "scam spam." Think stock tips that are too good to be true, Nigerian prince emails, male enhancement drugs, and various articles of worthless merchandise. The other form of spam we see is "malicious spam." This is the stuff that is sent with the intent to do harm to the recipients, usually through malicious links or infected attachments.
River City Media was involved in the sending message of the scam spam type, although their tactic could and are likely employed by others with more nefarious intent. The amazing part of these disclosures is the degree to which River City Media went to insure the veracity and deliverability of their unsolicited junk messages. First, this group contracted with legitimate brands, while at the same time, engaging in mass spam campaigns hawking junk.
Here are some of their key tactics:
- Used more than 1.34 billion email addresses to send their junk
- Changed corporate aliases and office locations regularly
- Used multiple less-than-reputable domain registrars
- Hosted resources with unscrupulous hosters
- Developed zero-day exploits targeting major email providers including Yahoo, AOL, Hotmail (Outlook.com), Juno, Gmail, Apple and others
- Infiltrated and read user email data without permission
- Tested campaigns with "warm up" accounts
- Worked with many other unscrupulous marketing companies to cover up their activities
You can read about some of the lessons learned in a subsequent article by Steve Ragan. The rest of the fallout from this discovery is being shared with the email providers most impacted with more reporting to follow.
Are You A Victim?
With more than 1.34 billion email addresses used, its likely that one or more of your email addresses was targeted by this organization. Good news is you can find out by visiting Have I Been Pwned and researching your desired email account(s). Once you sign up with this site by providing only your email address, they will proactively notify you if your accounts incur any pwnage in the future. Here is an email they sent me regarding one of my addresses. The subject of the message: "You're one of 393,430,309 people pwned in the River City Media Spam List data breach."
So what does this have to do with spam and virus filtering services like AppRiver's SecureTide™? Plenty!
Spam and Virus Filtering Benefits
As you can see, spammers employ sophisticated tactics. Defending against their campaigns requires a great deal of time, resources and expertise. Most businesses don't have the time, resources or expertise needed to implement an effective defense. SecureTide Spam and Virus Filtering does all that for your and offers the following advantages:
- Mail volume to your users is significantly reduced saving them time and increasing productivity
- Malicious content is effectively removed significantly reducing the likelihood of network compromise
- Emails that are filtered never reach your business network improving network performance and lowering compliance costs
- Statistics and logs are easily tracked through the control panel
- Delivery rules can be managed by administrators
- Only messages addressed to actual users in your organization are processed and delivered
- You can limit inbound connectivity to only AppRiver servers, thus increasing the security of your network
And you can have all this for a few dollars per user per month. Most out there will spend more than that on an overpriced cup of coffee! So next time you thinking about the need for spam filtering, you have some info that can help you make an informed decision.