Current Spam Trends: What’s Old is New Again

by Christopher on January 9, 2012

At the end of 2010, we saw a resurgence of some vintage tactics spammers used three or more years ago to bypass content-based spam filters. In particular, three old ploys were revived for use in conjunction with newer trends (like falsifying alerts from social networking sites) for some fresh spam tactics, as seen in the Commtouch Q4 2010 Internet Threats Trend Report.

The first all-too-familiar tactic spammers revived in recent months is the use of hidden text. Fonts are shrunk down as small as possible and changed to white so that they are invisible to the reader against the email background. Random characters that are invisible to the eye but visible to spam filters are inserted in the middle of words that are standard red flags to Bayesian, heuristic, and other content-based spam filters. To the recipient, words simply appear to have sporadic, erroneous spaces in them; to the spam filter, however, those spaces are actually several characters, which makes the words unrecognizable and therefore no cause for a block or a redirect into a junk mail folder.
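A content filter can counter this by scoring only the text a reader would actually see. The Python code below is an added example, not code from the report or from any product; the size threshold, the white-background assumption, and the names `is_hidden`, `naive_text` and `visible_text` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics: white text, or a font size of 2px/pt or less, is invisible
# on the usual white message background. Real filters compare against the
# actual background colour.
WHITE = re.compile(r"(?<![-\w])color\s*:\s*(?:white\b|#fff(?:fff)?\b)", re.I)
TINY = re.compile(r"font-size\s*:\s*(\d*\.?\d+)\s*(?:px|pt)", re.I)
VOID = {"br", "hr", "img", "input", "link", "meta"}

def is_hidden(tag, attrs):
    a = {k: (v or "") for k, v in attrs}
    style = a.get("style", "")
    size = TINY.search(style)
    if WHITE.search(style) or (size and float(size.group(1)) <= 2):
        return True
    return tag == "font" and a.get("color", "").lower() in ("white", "#fff", "#ffffff")

class VisibleText(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack, self.shown, self.hidden_chars = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:  # void elements never enclose text
            inherited = bool(self.stack) and self.stack[-1][1]
            self.stack.append((tag, inherited or is_hidden(tag, attrs)))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate unclosed tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        if self.stack and self.stack[-1][1]:
            self.hidden_chars += len(data)  # filler the reader never sees
        else:
            self.shown.append(data)

def naive_text(html):
    """What a tag-stripping filter sees: hidden filler stays inside the words."""
    return re.sub(r"<[^>]+>", "", html)

def visible_text(html):
    """Return (text as rendered to the reader, number of hidden characters)."""
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    return "".join(parser.shown), parser.hidden_chars

# Constructed sample message body, not taken from a real campaign.
SAMPLE = ('<p>Cheap vi<span style="color:#ffffff;font-size:1px">qzx</span>agra and '
          'repl<font color="white">kjw</font>ica watches</p>')
```

The hidden-character count returned alongside the text can be scored as a signal in its own right, since legitimate mail rarely carries invisible text inside words.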

A second tactic seen again at the end of 2010 after some time is the use of Google’s cache tool to sneak spam website links past content-based anti-spam technology. Google is, by default, a white-listed, or acceptable, domain to most spam filters. When a website is reached through Google’s cached version link, the resulting URL begins with the Google domain name. When this URL is turned into a hot link in an email, many spam filters accept it, while the recipient is still taken to the spammer’s intended address via a typically seamless redirect.

The third vintage spam tactic enjoying new life since the end of 2010 is known as ASCII art. This refers to the careful arrangement of computer characters (letters, digits, and symbols) to form a larger representation of an image. Just type “ASCII art” into a Google image search to see plenty of impressive examples. Using ASCII art, spammers can create representations of letters and words without actually typing those words. Hence, content-based spam filters remain unaware of the words and phrases that a human reader will see.

These revived spam tactics underscore the ongoing need in 2011 for an email security system that doesn’t rely solely on content-based methodologies. Effective spam filtering products have a multi-tiered approach that evaluates the validity of an incoming email message based on a variety of factors.


Spam Zombie

by Christopher on December 8, 2011

Perhaps you’ve been staggering around, drooling, staring off into space, and pawing without coordination at miscellaneous objects within your reach. Perhaps you’re a zombie. Perhaps it’s Monday morning, Jim’s still lurking around the coffee pot, and the idea of discussing your weekend with Jim makes you twitch with sensations of oncoming spontaneous combustion, so you haven’t had your coffee yet. Perhaps I’m already getting way off-topic and thinking about the wrong sort of zombies.

Many people assume that spam’s primary purpose is to sucker you into buying supplements that will fail to make any of your various organs grow larger. But a significant chunk of the spam circulating out there in the email ether has one directive: hijack new email accounts to spread more spam. Computers taken over in this way become part of what’s known as a robot network, or botnet, and are often referred to as “zombies.”

Spammers commonly use spam messages to bring more random, under-protected email accounts into the ranks of their zombie armies. Many botnets are comprised of tens or hundreds of thousands of the millions of home and business computers that have been compromised, and they are the source of the overwhelming majority of all spam, as the Federal Trade Commission reported in a recent consumer alert.

Your home or office computers can be turned into botnet zombies without your ever knowing. There are a few indications that may arise, including a significant slow-down in the machine’s performance, mysterious emails stored in your sent-mail folder, or baffling complaints about the spam “you” have been sending lately. However, even if you find out that spammers have hijacked your email account, the damage has likely already been done.

The leading anti-spam email protection technologies today make use of a method known as IP address reputation filtering. Basically, they keep track of what email accounts at specific IP addresses are up to, identifying those that act legitimately and those that act according to spammer patterns. Reputations are thus established for IP addresses, and spam filters consider a sender’s trustworthiness when deciding whether an incoming message is spam. If your home or business computers become zombies, you’ll eventually develop a bad reputation and your emails will be bounced or sorted into spam folders. Consequences can range from slightly inconvenient to completely devastating for personal and professional email uses alike.

As a zombie, your computer may also give a spammer access to files stored within and email addresses in your contact lists. “You” may suddenly start sending your recovering gambling addict boyfriend emails promoting online casinos, or encouraging your grandmother to start purchasing her life-saving medications directly from some guy in a barn in Bolivia. Imagine the interesting interactions you’ll have when your work email account starts sending special offers to your boss and your client roster. You may also find that your host or ISP isn’t particularly happy with you, which can result in your website being shut down or your internet account cancelled.

Being a zombie is so often glorified, what with getting to eat brains and all. But when your computer is taken over by a spammer and hooked into a botnet, life as a zombie can be a lot less glorious. Usually, all it takes is one wrong click. Be on guard, educate your employees about spam threats and signs of malware infection, and invest in up-to-date anti-spam filtering.


Adult Content Spam and Sexual Harassment

October 7, 2011

Whether the message invites you to view someone’s webcam, prolong your erection, or watch “young girlz get raped,” adult content spam is becoming increasingly explicit, graphic, and offensive. It’s also becoming more common. Spam email accounted for 85 percent of all email, or 134.3 billion messages in November 2010, according to Cisco IronPort SenderBase Security […]


Facebook Increases AntiSpam Safeguards

August 12, 2011

Because there are no barriers to entry, spammers and scammers are free to set up Facebook accounts to spread malware and phish for valuable information. In addition, Facebook is so user-friendly, people with no internet know-how or computer savvy join and participate. This stocks the social networking site with potential targets who lack the appropriate […]


The End of Spam?

July 31, 2011

The computer scientists from the University of California who made news in 2008 for determining that one in 12.5 million spam email messages yielded a sale are at it again. The team, comprised of staff from UC, Berkeley and UC, San Diego, believes they have found a viable way to end spam for good. In […]


Google+ Spoofed by Spammers

July 2, 2011

With the combining of two of today’s most significant spam trends — targeting social network users and sending pharmaceutical spam — Google+, which is Google’s new social networking site, has joined the ranks of brands spoofed by spammers. Email messages from Google+ are now being fraudulently replicated in a major spam campaign. The spam emails […]
