Spammers Flocking To Free Web Hosting Sites

In a new report McAfee has warned that spammers are once again changing tactics and are taking to web hosting services in a big way.

In its “January 2010 Spam Report,” McAfee notes the trend is turning into an “all-out gold rush” as dozens of these free-hosting sites have sprung up to provide web space for anyone who requests it. According to the report, all of the sites most heavily abused by spammers seem to be related to 0catch.com, which serves up a number of free-hosting sites to anonymous users.

These types of services are good for spammers because such sites may have been around for a while and have legitimate traffic associated with them, the report explained. That edge could give spammers a few hours’ worth of an edge against anti-spam vendors before they can blacklist the host, the report warns.

Just what should be done about these services is a difficult question, opined Adam Wosotowsky, the anti-spam technology lead for McAfee labs and co-author of the report.

“The application of excessive regulation doesn’t fit with the Internet,” he told eWEEK. “There shouldn’t be a law against someone in a college [computer science] class putting up a new Facebook, and if everyone just loves it and it grows with all the strength of an Internet fad, then it seems illogical that it should reach some sort of legal barrier past which it is liable for the activities of its users, but before which it was classified as a startup website. On the other hand, the safety of the browsing public must be a part of a successful business, and it doesn’t seem like too much to ask that something be done to deal with spammers.”

The researcher said he would like to see more security technologies brought to bear within free hosting sites to fight spam and viruses.

“I know that some stuff is done, but I don’t know how technologically savvy it is,” Wosotowsky said. “Concepts that helped build trusted source could just as easily be applied to Yahoo Groups to identify problematic sites.”

Spam volumes shot up 14 December after trending downward for more than a month, according to the McAfee report, with much of that boost coming in the form of a Chinese pharmacy spam. The resurgence of spam from China came at a time when the country tightened its domain registration process, which some researchers predicted will actually help combat malicious activity.

Spammers, however, modified their emails to use free hosting domains in response, he said.

“I take the fact that the spammers had to switch from a long-standing registrar to be a good sign when placed against the backdrop of just how difficult it must be for China to manage its kingdom,” said Wosotowsky. “That they switched to another Chinese registrar is the one step back after the two steps forward. Time will tell if the cleanup continues, but it is not difficult to imagine in a country as complex as China that it will take some time for enforcement to catch up with the will of the leaders.”