Cybercrooks deliver holiday spam a month early

With a deteriorating economy and employees increasingly concerned about their own job security, cyber crooks are starting to take advantage of corporate insecurity by delivering their own brand of “cheer” to e-mail Inboxes worldwide.

Holiday and lottery-based spam is being delivered to Inboxes across the globe much earlier than usual, according to Symantec’s Messaging and Web Security November report.

Cupertino, Calif.-based Symantec Corp. tracks and analyzes spam, gathering samples through a global network of decoy e-mail addresses.

The Symantec report found spam levels averaged 76.4 per cent of all messages in October 2008, representing a six per cent increase since October 2007.

Based on past experience of holiday spam, experts expect the volume of malicious e-mail to increase over the next couple of weeks. With this increase in spam come heightened risk levels, as malware is inextricably linked to many of these messages.

Dermot Harnett, principal anti-spam analyst at Symantec, said it’s not Christmas until you get an offer for a Rolex watch. “If the trees are going up – they’re going to be offered.”

Some of the holiday spam gathered in Symantec’s labs uses popular name-brand companies to lure users into opening e-mails and clicking on the links inside.

For example, “Timepieces by Rolex” was the subject line in one e-mail in October 2008 with a body message that said “get started on shopping now.”

Other messages lured the economically vulnerable into gambling with subject lines “Win Money for Christmas” and “Hottest action and games online.”

When users click on these messages, different things can happen, Harnett said. Some of them will ask for personal information: name, address, social insurance number and date of birth for the purpose of selling that data to someone else.

Other e-mails could have an attachment with malware and when the recipient clicks on it, an information-collecting Trojan or a virus is downloaded onto the PC, infecting the computer or turning it into a zombie.

“We’ve been on an economic roller coaster over the past few months and spammers are latching onto the idea that if they can talk about the economy they may be more likely to get past anti-spam filters,” the Symantec executive said.

The turbulent economy is also connected to a rise of image spam. This brand of spam – which was popular in 2006 when 52 per cent of all messages were image spam – has re-emerged in the past month or so.

But new image spam is coming in the form of company logos intended to grab the attention of job-hunters and those concerned with their financial security.

Another recent trend saw e-mails supposedly from Henry Paulson, the U.S. Secretary of the Treasury, offering funds to American citizens.

Harnett noted that the economy has become a hot topic of conversation these days, and people are scared about losing jobs – so spammers are using the offer of jobs or money to lure unsuspecting victims.

Over the past several months, Harnett said Symantec has been witnessing the same trends – a link between current news events and the content of spam messages.   

Spam focusing on the U.S. presidential election began last year – when Ron Paul became a candidate in the Republican Party primaries. Such spam continues today, post-election.

A recent e-mail offered a “Barack-umentary,” said Harnett. It was billed as a free DVD to learn more about President-elect Barack Obama’s views. But the DVD wasn’t free and asked for banking information.

Spammers understand people are talking about the U.S. election and by making this the subject matter of their messages, they seek to evade anti-spam filters and infiltrate users’ Inboxes.

Lottery-based scams, which are linked to popular news events, are also being circulated, preying on the economically vulnerable, Symantec notes.

The two most notable include an e-mail that claims to be sent on behalf of the FIFA World Cup South Africa 2010 organizing committee.  It claims FIFA held a draw, and the recipient won a jackpot of US$80,000. The recipient is then asked to provide personal information for payment.

The second type of lottery spam circulated last month involved the 2010 Olympic Games in London. Despite being four years away, it is still being used as a lure and offers the recipient 50,000 British pounds sterling.

Lotto-type emails don’t include malicious URL links, but often use legitimate Web links, including links to news organizations such as the BBC or CNN, and they are sent in low volume.

James Quin, senior research analyst with London, Ont.-based Info-Tech Research Group, said spammers cleverly take advantage of popular events and topics. “We are a relatively news driven society and we want to know everything about things in our current collective consciousness.”

For the average business, spam is not a huge security issue, experts say. Spam filters are available from many reputable vendors.

But for the small percentage that does get through, they say educating employees on best practices and what to avoid can be a big help.  

Employees should be instructed not to open unsolicited e-mail and certainly never open attachments or click on links in such e-mail.  

“Ultimately the eroding economy is going to slow down IT security spending, just as it’s slowing down all spending,” Quin said. But he noted that most businesses would have to maintain a certain level of security.

“The holidays will have passed before many businesses are forced to react to the economic downturn in any way that could [affect] their IT security stance.”
