Spam Mails Now Sent Concealed in Legitimate Sites

Unified Threat Management PLUS solutions creator, Cyberoam, in partnership with Commtouch, on April 28, 2008, reported that spammers and malware distributors are trying to hide their unsolicited messages inside legitimate looking e-mails and Websites.

Joshua Block, Vice President of North American Operations, Cyberoam, stated that the most recent e-mail intimidation, as revealed in the study report, clearly testified that spammers are creating an artificial sense of confidence among potential victims by leveraging actual resources, as reported by MarketWire on April 28, 2008.

The tactics are varied including camouflaging of pharma spam as Hotmail welcome messages, redirecting blogspot to malware infected sites, hiding infected sites in URL search results, hosting image spam on Flickr accounts and using Yahoo! and Google Calendar standards for spear-phishing scams.

Researchers at Cyberoam pointed out that each of these ways employ social and psychological engineering tricks to exploit user trust. On an average, over 350,000 compromised PCs were freshly activated every day for the purpose.

A sharp increase in the use of social engineering tactics on user behavior was observed in Q4 2007, when spammers staged attacks with discounted gift and easy cash scams. Unfortunately, the existing security programs were not able to check them, pushing spam volumes to an alarming rate of 94% of the total e-mail till date in 2008.

Also, malware and spam generators, during this period, leveraged current events to make their messages appear more relevant. In late January 2008, when the US Federal Reserve reduced interest rates to deal with the acute mortgage problem, the move allowed eligibility for refinancing to millions of US mortgages. spammers capitalized on this by pumping out huge volumes of mortgage-related spam, leading to a high of 10% in spam levels in that quarter from an earlier 2%.

The increase in the mortgage spam also prevented or delayed correspondence between the lending institutions and people applying for loans, as technologies failed to distinguish between the valid loan seeking e-mail and the spam.

Researchers also indicated that while spam outbreaks continued robustly during holidays like Valentine's Day, April Fool's Day and St. Patrick's Day, most of the anti-spam programs could not block the e-mails as they ended up in creating false positives.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 5/2/2008