Today, Cloudmark has released its Q2 2013 Threat Report, covering recent messaging threats and trends during the past quarter. During the second quarter, fishy dieting offers and suspiciously free cruises made a splash on the SMS side of things. Meanwhile, a substantial uptick suggests compromised web hosting accounts seem to be making waves among seedier circles.
SMS spammers tried to hook victims with beaches and bathing suits as temperatures rose in the northern hemisphere. One popular set of texts proffered free vacation cruises to the Caribbean while others suggested trendy weight-loss tips and diet pills. Figure 1 illustrates the peaking of summer-themed SMS spam throughout this second quarter.
As you may notice, this summer themed spam accounts for more than 10% of daily SMS spam during most of the quarter. From May to June alone, those SMS texts promising hot, new diet tips and pills tripled in terms of monthly volume share. This put 12% of June’s volume on the shoulders of this previously minute type of SMS spam.
These diet messages also share a propensity for routing victims to a shortened URL that redirected to the website of a compromised hosting account. Armed with a seemingly endless supply of these domains, the spammer was able to cycle through a staggering amount of unique URLs. Use of these compromised accounts for the purpose of spam is far from unique however.
Instead, the evidence seems to suggest these compromised hosting accounts have become a lucrative commodity. Armed with an always-on connection ready for exploitation, they offer a new form of botnets. Figure 2 tracks the number of compromised domains seen this year and indicates a growing interest in these accounts over the quarter.
To sweeten the pot, nearly 60% of these compromised domains remain that way for at least a month. Left unabated, spammers are free to manipulate these innocent domains as they see fit. For more information on these threats and additional research, please visit our Q2 threat report.