Spammers are increasingly looking to use web-based services in order to beat the anti-spam protections in security software, according to research from Virus Bulletin.
The security research and testing firm is reporting that its latest anti-spam study revealed that rather than rely solely on malware-infested PCs and botnets to send spam emails, cyber criminals are taking advantage of web hosting firms to send unsolicited messages.
Overall, researchers have found that the web-based messages were slightly more successful at evading security tools, giving spammers a slightly better chance of getting users to view and follow their spam messages. In a high-volume market such as spam marketing, the higher failure rate can make a big difference for the success of a campaign.
“The report shows that well over one percent of spam sent from web hosts manages to bypass spam filters, compared with less than 0.3 percent for spam sent via other means,” said Virus Bulletin anti-spam test director Martijn Grooten.
“Of course, one percent still means the vast majority of messages are blocked, but with spam campaigns easily running to millions of emails, this difference can make or break the campaign for the spammer."
Overall, the report found that anti-spam tools are highly effective for keeping junk mail out of customer inboxes. Of the products tested in the report, all blocked more than 97 percent of spam messages while maintaining a false positive rate of less than 0.25 percent.
Among the top performers in the test were BitDefender and Fortinet. Researchers also noted that Libra Esva, Kaspersky and OnlyMyEmail achieved detection rates above 99 percent while minimising false positive rates.