For years, the scourge of the Internet has been ever increasing volumes of spam that clog inboxes around the world. According to a new report from Cisco (NASDAQ:CSCO), 2010 was the first year on record that spam volumes actually declined. Cisco’s report also points out some counter-intuitive data about which types of technologies are being […]
For years, the scourge of the Internet has been ever increasing volumes of spam that clog inboxes around the world. According to a new report from Cisco (NASDAQ:CSCO), 2010 was the first year on record that spam volumes actually declined.
Cisco’s report also points out some counter-intuitive data about which types of technologies are being attacked. As opposed to Adobe PDF which had been a top target, Cisco said that Java vulnerabilities are now more exploited than those in Adobe Acrobat and Reader. Overall, Cisco is rating the status of cybersecurity threats at the end of 2010 at a level lower than they were in 2009, though there is still cause for concern.
The decline in spam volumes varies by geography according to Cisco. In the U.S., spam volume decline by 1.6 percent in 2010 in comparison to 2009. That said the U.S. still continues to lead globally in terms of spam with 11.1 trillion spam messages sent in 2010, down from 11.3 trillion sent in 2009. Among the other countries that experienced spam declines were Brazil with a 47.5 percent drop and Turkey which declined by 87 percent.
Mary Landesman, senior security researcher at Cisco, told InternetNews.com that the decline in spam volumes in 2010 was due to 8 major takedowns of spam senders. She noted that one of the biggest spam farms that was removed in 2010 was an affiliate marketing facilitator that was linked to pharma spam. Landesman said that by taking down the affiliate engine, the revenue stream for the pharma spam was cut off, which reduced the volume of spam.
The decline in spam, however, should not be confused with a decline in risk.
“Spam volumes are not really tied to risk exposure,” Landesman said. “Spam filters do an excellent job of keeping the stuff out people’s inboxes.”
She added that as a result of good spam filters, spam isn’t as much of a risk as it once was. On the other hand, the Cisco report points to a number of new trends in 2010 that due put users at risk.
Over the course of 2010, Adobe’s PDF products were attacked and updated multiple times. However according to Cisco’s data gathered from its ScanSafe cloud security division, Adobe PDF vulnerabilities were not the most exploited vulnerabilities during 2010.
“In 2010, exploited Java vulnerabilities outpaced the exploit of Adobe Reader and Acrobat,” Landesman said. “Java was 3.5 times more frequently exploited than were malicious PDFs. That really spells out the need for paying attention to what’s making the headlines but also paying attention to the types of things that aren’t making the headlines.”
The shift in attacks away from PDF toward Java occurred over a 12-month period. According to Cisco, in January of 2010 Java exploits represented 1.5 percent of web malware while PDF exploits accounted for 6 percent. By November of 2010 the tables had turned with Java coming in at 7 percent and PDF malware at only 2 percent.
As to why attackers shifted from PDF to Java, it all has to do with opportunity.
“There were some Java vulnerabilities along with exploit code that were disclosed in the first quarter,” Landesman said. “Attackers found that the attacks were working and the reason why it continued to be successful is because people were not focused on the need to patch Java.”
Oracle updated Java at multiple points throughout 2010. What’s not clear is whether or not all users properly updated to the lastest patched Java updates.
“The Java patch cycle is not as finely honed as perhaps it could be,” Landesman said. “There have been complaints for users that check for an update, the system says they’re updated, but they’re not actually updated.”
Another Java update issue cited by Landesman is when Java is updated but it still leaves an older version installed as well, which then is still exploitable. She noted that the Java update issues could just be user error, though they are still valid concerns.
“They lead to continued exposure even if the user has attempted to patch,” Landesman said. “The thing is, you really have to question how many users have really tried to patch Java.”
Landesman noted that there was so much attention focused on vulnerabilities in Adobe PDF in 2009 that by 2010 everyone was looking for them and making sure they were patched. In contrast there was no such focus on Java.
“Users still weren’t looking at Java and it just left this open potential for attackers to come and take advantage of the situation,” Landesman said.
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2020
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Anticipating The Coming Wave Of AI Enhanced PCs
FEATURE | By Rob Enderle,
September 05, 2020
The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
August 14, 2020
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
