50% Decline in Spam E-mail Announces IBM

IBM's Security Group, X-Force, currently released its 2011 trend and risk report that surveyed 4,000 customers and observed a 50% decline of spam e-mail in 2011against 2010.

According to the security researchers this decline can be credited to the seizure of major spam botnet that most likely must have obstructed the basic ability of sending e-mails, as reported in darkreading on March 27, 2012.

The successful shutdown of rustock botnet can be sited as a glorious example at this instance.

Over the past seven years, with improvement in the spam filtering technology, the IBM X-force have observed the evolution of spam as spammers have incessantly tried to update their spamming techniques to reach the readers.

Apart from a decline in spam, IBM also observed a 30% decline in the new exploit code that widely circulated hacking kit to pollute mutual software vulnerabilities, presumably as there are less vulnerabilities popping up. This is so because when vulnerabilities are discovered, the patching up of software is better done by vendor. The percentage of un-patched vulnerabilities decreased from 36% to 43% since 2010, according to IBM counts.

However, along with this positive development in this aspect, some discrepencies have also been observed during the study. Specially, the study discovered evolution of phishing events during the second half of 2011, and reaching undaunted number since 2008.Majorly of the phishing events relate to the impersonating of social networking sites towards enticing people into clicking fake links, thus inviting malware down loadable in their systems. A number of activities can also be related to the fake advertisements that ultimate mislead users resulting into a major trafficking of spams in the retail websites. The report also presents information about shell command injection vulnerabilities, which permit the attacker to implement commands directly on a web server. Shell command injection attacks increased by two to three times from 2011.

However, shell command injection vulnerabilities are now one of the most common attacks observed in the internet. It may be that hackers are glooming onto shell command injection as some of those vulnerabilities are being missed when people are trying to fix SQL injection issues "noticed Tom Cross, manager of threat intelligence and strategy for IBM X Force, as reported in infosecuritymagazine on 26 March 2012.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 3/31/2012