New Spam Trick Leverages E-Newsletter
Spammers have some new tricks to play. So long they have been disguising Viagra ads as e-mail newsletter, which offer information such as of latest airline deals or update users on hockey pool.
Spammers are now frequently using legitimate newsletters and e-advertisements from popular brands such as Wal-Mart, eBay, Amazon, NFL, Kohls, Verizon, ESPN, U.S. Airways and 1-800-Flowers to evade software protections. They lift code from Web sites of real companies and incorporate and edit them into legitimate e-mails to send them as spam.
Symantec's researchers claim to have found e-mail messages that pose as real newsletters but are only e-mails that spammers had hijacked.
In the views of Doug Bowers, senior director of anti-abuse engineering for Symantec, the new spamming trick is ironic, in the light of the problems legitimate newsletters earlier had in preventing spam filters. Bowers told SCMagazine news, for January 17, 2007. For security experts, the irony stands out in as Bowers recalled how only a few years back a large number of legitimate newsletters were categorized as spam, while the opposite was happening now.
The strategy fools recipients into believing that they are opening the e-mail for a genuine newsletter. The irony is that anti-spam filters are unable to block these e-mails forcefully for they might also restrain legitimate newsletters.
In this strategy spammers haven't attacked legitimate marketers' PCs to deliver their e-mails. While usual phishing scams are based on the process of lifting code off the actual websites of financial institutions, these spammers have twisted genuine e-mails and dispatched them via normal spam routes.
Bowers elaborates, the scenario with spammers is that they take off from the format of a normal newsletter and make slight modifications. The recipient thinks a proper newsletter would appear but then the actual message or a pop-up emerges.
This understandably creates confusion for users because they move with some amount of trust. The technique also confuses filters. Whether or not this spamming technique delivers other security risks awaits evidence.
As optimum defense against this latest trick Bowers advises users to deploy strong spam filtering programs and be aware of the latest scams.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 23-01-2007