VB data supports Google’s claim to having reduced compromised accounts


Internet giant may indeed do something right; Yahoo! has a real problem.

Internet giant Google claims that a ‘complex risk analysis’ using ‘more than 120 variables’ has reduced the number of compromised accounts on its system by 99.7% since 2011. VB’s data suggests that this could indeed be the case.

It is usually good to be skeptical when companies make such bold claims about their own performance. Even putting aside the company’s obvious interest in making things appear better than they are, bias easily slips in when one measures one’s own performance. After all, from an attacker’s point of view, an ideal compromised account is one where no one, including Google, notices it has been compromised – and which thus would not appear in the statistic.

But our own measurements show that Google may have a point when it says it is doing something right – and that Yahoo!, and to a lesser extent Hotmail (now Outlook.com), has a real problem.

For the VBSpam spam filter tests we collect various streams of legitimate emails (since a spam filter that blocks most spam, but which blocks a lot of legitimate email as well, is of little practical use).

However, the legitimate feeds we use do receive the occasional spam email – usually from compromised accounts and typically sent to addresses contained in the compromised accounts’ address books. We have noticed a few emails from compromised Gmail accounts among these spam emails, but noticed that Yahoo! emails are far more prevalent. We were initially hesitant to draw conclusions from this: it is quite possible that the feeds we receive are skewed towards certain email providers.

Indeed, they are skewed, but towards Gmail, whose messages are far more prevalent among the legitimate feeds. This makes the situation a lot worse for Yahoo!: over the last eight months of testing we have found that, in the legitimate email feeds, about one in 115 emails from the Sunnyvale-based company were spam, compared with fewer than one in 4,800 from Gmail.

Hotmail, Microsoft’s free webmail service (now Outlook.com), isn’t doing particularly well either, with almost 1 in 325 emails being spam.

Although we have not been able to verify whether all webmail accounts seen spamming were compromised legitimate accounts, we could tell that for the majority this was indeed the case. Note that we do not make any claims about the prevalence of the various webmail accounts in overall spam – but spam that is sent indiscriminately to the recipient tends to be relatively easy to block and is generally not sent from webmail accounts.

Spam sent from compromised accounts, on the other hand, is notoriously hard to block, especially when the emails are sent to people in the accounts’ address books and include links to pages on compromised websites (that typically redirect to the payload on domains controlled by the spammers). Since a significant portion of the links in these emails attempt to install malware (typically via exploit kits such as Blackhole), they are more than a mere nuisance. By reducing the number of compromised accounts, webmail providers thus not only reduce abuse of their own systems, they also help make the Internet a safer place.

It is true that users have an important role to play: by using secure passwords and clean machines, they reduce the chances of their accounts being compromised. Gmail users have a reputation for being more tech-savvy than those using other webmail services, but this alone can’t explain the huge difference we see.

Yahoo!, and to a slightly lesser extent Microsoft, would thus do well to take a leaf out of Google’s book.

More on Google’s success against hijacked accounts at the company’s blog here. More on the VBSpam tests can be found here.

Posted on 21 February 2013 by Martijn Grooten

