SOURCE: MessageLabs, Inc.

March 06, 2008 06:00 ET

MessageLabs Intelligence: Spammers Defeat Google CAPTCHA Mechanisms

Spam From Gmail Doubles; Targeted Trojans Increase 200 Percent

NEW YORK, NY and LONDON--(Marketwire - March 6, 2008) - MessageLabs, the leading provider of messaging and web security services to businesses worldwide, today announced the results of its MessageLabs Intelligence Report for February 2008. Analysis of spam shows that 4.6 percent of all spam originates from Web mail-based services and the proportion of spam from Gmail increased two-fold from 1.3 percent in January to 2.6 percent in February, mainly promoting adult-oriented websites. Yahoo! Mail was the most abused Web mail service responsible for sending 88.7 percent of all Web mail-based spam.

Hackers have recently relied on new techniques for evading spam detection which involves computationally solving anti-spam CAPTCHAs, mechanisms designed to eliminate automated sign up tools used by spammers by requiring the user to perform a task that can only be performed by a human. Once hackers develop a computational method with a 20-30 percent success rate they can use their botnets to create unlimited numbers of accounts on compromised services for spamming and phishing. Yahoo! Mail and Hotmail CAPTCHAs were first broken in July 2007. The increase in spam from Gmail this month may be indicative of similar success.

"There are several approaches a spammer can take to defeat a CAPTCHA," said Mark Sunner, Chief Security Analyst, MessageLabs. "Whether they do so using an algorithm, a 'mechanical turk' or combination of the two, email providers are feeling the pressure to keep pace but are limited to what a human can realistically solve creating ever more doubt surrounding the long-term effectiveness of the CAPTCHA as a security mechanism for protecting email services from abuse."

Also in February, targeted Trojan attacks increased to approximately 30 per day, an increase of around 200 percent since the end of 2007. These attacks focus specifically on small numbers of targets in each incident, thus keeping below the radar of the wider security industry. One particular attack this month involved up to 900 targeted Trojans, primarily intended for named senior business executives worldwide, and made use of multiple attack vectors including compromised websites and malicious downloads.

"Online criminals are going to greater lengths than ever before to reach their targets," Sunner said. "Not only are we seeing a significant increase in the number of targeted Trojan attacks, but they often appear to be based on prior intelligence gathered about their targets. At the same time though, more and more businesses are protecting themselves against potential threats by only allowing employees to access pre-approved websites."

In fact, MessageLabs saw a significant increase in the number of websites blocked by businesses because they did not fall within an allowed list, rising by 12.9 percent from last month. By blocking unclassified websites, businesses can safeguard themselves against both new and existing potential threats. This is especially true of those websites which appear and disappear within 24 to 48 hours which are often used for phishing, spam, Trojans and other fraudulent activities. In fact, 62.2 percent of all web-based viruses and 82.5 percent of all spyware and adware were from this kind of website.

The Storm botnet has also continued to be a significant force in driving spam in February. For the first time it has been used to send spam touting VXPL, a drug promising male sex organ enlargement, and nicotine patches, likely tapping into a seasonal increase in smokers trying to quit. At the same time, there was an increase of activity from Storm to further compromise computers, making up more than 96 percent of this month's email-borne malware linking to malicious sites.

Other report highlights:

Web Security: The proportion of email borne malware identified containing a link to a website hosting malicious content has increased by 31.5 percent since January. In February the proportion of email-based malware containing malicious links was 61.1 percent.

Analysis of Web security activity shows 16.6 percent of all web-based malware intercepted was new in February. Messagelabs identified an average of 664 new sites per day harboring malware and other potentially unwanted programs such as spyware and adware.

Spam: In February 2008, the global ratio of spam in email traffic from new and previously unknown bad sources, was 72.7 percent (1 in 1.37 emails), a decrease of 0.7 percent on the previous month.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources, was 1 in 105.5 emails (0.95 percent) in February, an increase of 0.2 percent since the previous month.

Phishing: February saw an increase of 0.33 percent in the proportion of phishing attacks compared with the previous month. One in 99.1 (1.01 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had fallen by 1.7 percent to 87.5 percent of all email-borne malware threats intercepted in February.

Geographical Trends:

--  In February, spam levels in Hong Kong rose by 0.8 percent since
    January, taking it above Israel where spam levels fell by 6.9 percent in
    the same period.
--  Spam levels in the US were 68.9 percent in February, 74.0 percent in
    Canada and 60.4 percent in the UK.  German spam levels were 69.0 percent
    and 64.4 percent in the Netherlands. Spam levels in Australia were 62.2
    percent, 71.0 percent in New Zealand, 70.9 percent in China and 65.4
    percent in Japan.
--  Virus activity increased across a number of countries in February,
    including Israel where levels increased by 1.01 percent, which takes the
    number one spot from India, where levels fell by 1.58 percent.
--  Virus levels for the US were 1 in 120.9 and 1 in 82.6 for Canada.
    Virus levels for the UK were 1 in 106.5 and 1 in 121.3 for Germany.  In
    Australia, virus levels were 1 in 159.8, 1 in 403.7 for New Zealand, 1 in
    887.7 for China and 1 in 155.3 for Japan.

Vertical Trends:

--  Spam levels across a few industry sectors rose in February, with
    Agriculture and Manufacturing being the top verticals targeted with the
    highest levels of spam, with an increase of 3.9 percent since January.  The
    greatest rise was noted in the Non-Profit sector, where spam levels rose by
    11.1 percent to 72.1 percent.
--  Spam levels for the Retail sector was 76.2 percent,  75 percent for
    Public Sector,  75.3 percent for IT Services, 71.8 percent for
    Chemical/Pharmaceutical and 68.6 percent for Finance.
--  Similarly, virus levels for many industry sectors increased in
    February, with Education being the top vertical targeted with the highest
    virus levels.
--  Virus levels for the the Finance sector were 1 in 144.9, 1 in 116.6
    for IT Services and 97.4 for Retail.

The February 2008 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at

MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About MessageLabs

MessageLabs is a leading provider of integrated messaging and web security services, with over 16,000 clients ranging from small business to the Fortune 500 located in more than 86 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.

These services are delivered by MessageLabs globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit

Contact Information

  • Media Contacts:

    Marissa Vicario
    +1 646 519 8116
    Email Contact

    Hill and Knowlton for MessageLabs
    +1 212-885-0552
    Email Contact

    Kirsten Doddy
    +44 (0) 207 291 7939
    Email Contact

    Weber Shandwick for MessageLabs
    +44 (0) 20 7067 0500
    Email Contact

    Andrew Antal
    +61 2 8208 7171
    Email Contact

    Spectrum Communications for MessageLabs
    +61 2 9954 3299
    Email Contact