Spam attacks focus on victims' economic gloom

Share this article:

The economy remains the main topic spammers focus on to lure users into opening emails with malicious links, according to Symantec's March 2009 "State of Spam" report.

“It's something the spammers are latching onto to get into a victim's inbox,” Dermot Harnett, principal analyst of anti-spam engineering at Symantec, told on Tuesday.

One of the more egregious spam messages Symantec found looked like a rejection letter. It said: “Unfortunately we have to inform you that your qualifications and experience does not fit the position you applied for.”

A URL in the message pointed back to a legitimate site, but the message said: “We have attached a copy of your application you sent for us.” If a user clicked on the attachment, an attack was launched involving the Hacktool.Spammer virus – a program that hackers use to attack inboxes by flooding them with email.

“If you apply for a lot of jobs, and you see job application rejection scams come in, you might be tempted to take some action, such as clicking on a link,” said Harnett.

The amount of spam has a tremendous effect on email infrastructure overall. Most users do not see that most email is in the form of unsolicited bulk email. Most spam originates in botnets, but there are new and emerging type of attacks, Harnett said.

“The continuing abuse of webmail, for instance – that is, free accounts that are being used to launch spam attacks – have been a problem,” he said. "But the fact that email works at all shows that countermeasures are working. If they weren't, we couldn't really use email.”

The Symantec report said that of all email, 86 percent is spam.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

NIST finalizes cloud computing roadmap

NIST finalizes cloud computing roadmap

The NIST architecture is designed to accelerate the adoption of cloud computing.

Chinese MitM attack targets iCloud users

Chinese MitM attack targets iCloud users

The attack used a false certificate to trick iCloud users into handing over personal data and login credentials. With an attack of this size, some experts and researchers believe the ...

EPIC: driver data shared via V2V technology needs protection

The groups shared comments on V2V communications with the National Highway Traffic Safety Administration.