Friday, September 08, 2006

Email Spam Harvesting Statistics

Web application email harvesting has always represented an untapped threat. It's not the basics of parsing or web application vulnerabilities I have in mind, but the contacts already stored, in transit, or saved by infected people and their (insecure) platforms.

Malware is already averaging 1 piece in 600 social networking pages, which isn't surprising and is largely in proportion to the rise of web application vulnerabilities. Compared to personal data security breaches, which can provide the freshest and most recent emails of the parties involved and thus reset a spammer's activity lifecycle, web email harvesting is still a rather common event.

Thankfully, there are already scaled initiatives, such as the Distributed Spam Harvester Tracking Network, making an impact:

"Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.

To participate in Project Honey Pot, webmasters need only install the Project Honey Pot software somewhere on their website. We handle the rest — automatically distributing addresses and receiving the mail they generate. As a result, we anticipate installing Project Honey Pot should not increase the traffic or load to your website."

Some current project statistics:
- Spam Trap Addresses Monitored - 1,354,582
- Total Spam Received - 1,464,090
- Total Spam Servers Identified - 499,310
- IPs Monitored - 611,368
- Total Harvesters Identified - 10,653
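
The custom-tagging idea in the Project Honey Pot description above can be sketched as follows. This is an added example, not Project Honey Pot's code or address format: the HMAC-sealed encoding, the key, the domain `traps.example.org` and all function names are assumptions, and the sample data is constructed.

```python
import base64, hashlib, hmac, ipaddress, struct

SECRET = b"constructed-demo-key"    # assumption: secret held by the trap operator
TRAP_DOMAIN = "traps.example.org"   # placeholder domain whose MX feeds the trap

def make_trap_address(visitor_ip, ts):
    """Build an address unique to (visitor IP, fetch time), sealed with an HMAC."""
    payload = ipaddress.IPv4Address(visitor_ip).packed + struct.pack(">I", ts)
    tag = hmac.new(SECRET, payload, hashlib.sha256).digest()[:6]
    local = base64.b32encode(payload + tag).decode().rstrip("=").lower()
    return f"{local}@{TRAP_DOMAIN}"

def decode_trap_address(address):
    """Return (harvester_ip, harvest_ts), or None for forged/guessed addresses."""
    local, _, domain = address.partition("@")
    if domain.lower() != TRAP_DOMAIN:
        return None
    try:
        raw = base64.b32decode(local.upper() + "=" * (-len(local) % 8))
    except ValueError:               # bad alphabet or padding
        return None
    if len(raw) != 14:               # 4-byte IP + 4-byte time + 6-byte tag
        return None
    payload, tag = raw[:8], raw[8:]
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()[:6]
    if not hmac.compare_digest(tag, expected):
        return None
    ip = str(ipaddress.IPv4Address(payload[:4]))
    return ip, struct.unpack(">I", payload[4:])[0]

def correlate(spam_log):
    """Tie each spam delivery back to the crawl that harvested its recipient."""
    hits = []
    for recipient, received_ts, sender_ip in spam_log:
        origin = decode_trap_address(recipient)
        if origin:
            harvester_ip, harvested_ts = origin
            hits.append((harvester_ip, sender_ip, received_ts - harvested_ts))
    return hits

# Constructed sample: one crawl on the trap page, then mail seen at the MX.
HARVESTED = make_trap_address("192.0.2.10", 1157700000)
SAMPLE_SPAM = [
    (HARVESTED, 1157786400, "203.0.113.5"),                  # trap hit, a day later
    ("info@traps.example.org", 1157790000, "198.51.100.7"),  # guessed, ignored
]

if __name__ == "__main__":
    for harvester, sender, delay in correlate(SAMPLE_SPAM):
        print(f"harvested by {harvester}, spammed from {sender} after {delay}s")
```

The HMAC tag is what lets the operator ignore dictionary-guessed recipients at the trap domain, so only addresses that were actually served to a crawler count as harvest evidence.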

Donate an MX record, or get yourself an account and start contributing. On the other hand, the host that's crawling the web for fresh emails today will definitely match the one found in a phishing email at a later stage -- the growing transparency and the pressure put on spammers inevitably result in the Ecosystem I mentioned in my Malware - Future Trends research.

Related posts:
The Beauty of the Surrealistic Spam Art
Real-Time PC Zombie Statistics
The current state of IP spoofing
Dealing with Spam - The O'Reilly.com Way
