Application security, Incident Response, TDR, Vulnerability Management

Spammers use third-party tools to bypass email filters

The first quarter of 2008 saw an increased trend for spammers and malware developers to leverage legitimate content sites in order to bypass email filters, according to a report released by Commtouch.

According to the Commtouch Q1 2008 Email Threats Trend Report, spammers and malware distributors utilized various items to give their messages the appearance of legitimacy, including embedding images served from valid sites like Flickr, hiding their malware URLs in search result links, and injecting spam or malware links into transactional Hotmail content.

They are cloaking their messages using legitimate sites, according to Rebecca Steinberg Herson, vice president of marketing at Commtouch.

“Using legitimate sites in this way can confuse traditional filters,” Herson told SCMagazineUS.com on Monday. “By traditional, I mean filters that are based primarily on content and using messages to analyze whether it is a good email or a bad email.”

There has been a sharp increase in the number of incidents involving Google's Blogspot blogging site to start this calendar year, Herson said. Blogspot has been used by spammers over the past year, but spammers have added a new wrinkle.

“A lot of malware is being distributed via Blogspot,” she said. “Spammers are sending out emails with links that are generated on Blogspot, but the link actually leads the user to a site that downloads malware, especially if the user is using Explorer.”

She added that Google is vigilant in eliminating the malicious links, but it is happening so fast it is hard to get rid of the links.

The Commtouch report also noted that holidays continue be “celebrated” by spammers and malware developers, with increases in malicious email near Valentine's Day and St. Patrick's Day.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.