by Paul Wood
The New Year saw an increase in global spam levels as spammers continued to take advantage of holidays and major current events in an effort to entice users to click on links in email messages. Attracting email recipients with tempting content is a popular social engineering tactic used in spam, scams and other types of malicious attacks. The email messages are designed to have some relevance to the recipient in order to increase the chances of them unknowingly clicking on the links and visiting spam websites or potentially becoming infected in a drive-by attack.
Symantec’s January Intelligence Report found that the New Year event itself presented an opportune theme for spammers. Symantec Intelligence identified a new tactic in spam emails whose URLs spanned more than 10,000 unique domain names. Each of these domains had earlier been compromised, and the URLs pointed to PHP-based scripts hosted on the compromised websites, many of which referred to “New Year” in the file name. Some examples include “HappyNewYear.php,” “new-year-link.php” or “new-year.link.php.” The PHP scripts simply redirected the visitor to the real spam website, but the potential for malicious use also exists.
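For mail administrators, one way to surface this pattern is to group the URLs found in inbound messages by script file name and flag a themed name that recurs across many unrelated hosts. The sketch below is an added example, not code from the Symantec report; the function names, keyword list, threshold and sample messages are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
THEME_TOKENS = ("newyear",)   # assumption: seasonal keywords, extend per event
MIN_HOSTS = 3                 # assumption: tune to your own mail volume

def normalise_script(path):
    """Return the .php file stem with separators removed, or None."""
    name = path.rsplit("/", 1)[-1].lower()
    if not name.endswith(".php"):
        return None
    # "new-year-link" and "new-year.link" both collapse to "newyearlink"
    return re.sub(r"[^a-z0-9]", "", name[:-4])

def themed_redirector_clusters(messages, min_hosts=MIN_HOSTS):
    """Map each themed script stem to the distinct hosts serving it,
    keeping only stems seen on at least min_hosts different hosts."""
    hosts_by_stem = defaultdict(set)
    for body in messages:
        for url in URL_RE.findall(body):
            parts = urlsplit(url.rstrip(".,);"))  # drop trailing punctuation
            stem = normalise_script(parts.path)
            if not stem or not parts.hostname:
                continue
            if any(token in stem for token in THEME_TOKENS):
                hosts_by_stem[stem].add(parts.hostname)
    return {stem: sorted(hosts)
            for stem, hosts in hosts_by_stem.items()
            if len(hosts) >= min_hosts}

# Constructed sample message bodies (reserved .example domains, not real data)
SAMPLE = [
    "Happy 2012! http://shop.site-a.example/wp-content/new-year-link.php",
    "Best wishes: http://blog.site-b.example/images/new-year.link.php?id=7",
    "See http://site-c.example/New-Year-Link.php.",
    "Greetings http://site-d.example/HappyNewYear.php",
    "Invoice at http://site-e.example/billing/index.php",
]

if __name__ == "__main__":
    for stem, hosts in themed_redirector_clusters(SAMPLE).items():
        print(stem, len(hosts), hosts)
```

A name that appears on a single host is left alone by default, since a lone seasonal page on a legitimate site is unremarkable; it is the same script name turning up on many otherwise unrelated sites that matches the campaign described above.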
The report also predicts ongoing use by spammers of upcoming calendar events such as St. Valentine’s Day on February 14th, so you should exercise caution before opening an email from a secret admirer! Spammers and malware authors will likely exploit this day and the online activity around it by luring users to click on malware links posing as St. Valentine’s Day e-cards and other scams. Spoofing legitimate e-greetings card websites is a frequently used technique for distributing email-borne malware.
Malware authors now also appear to be more strategic with their email distribution lists. IP addresses are more likely to appear on anti-spam block-lists if they are associated with a high number of invalid recipient emails. But in January, the number of spam emails that were reported as spam-related non-delivery reports (NDRs) was consistently stable and low – which suggests that attackers could be taking a more careful, targeted approach to finding their victims, such as exploiting social media to enhance their social engineering tactics.
As these social engineering techniques continue to evolve, and spammers and malware authors adapt their strategies, it’s important for users to follow best practices and utilize security solutions from trusted vendors. The January Symantec Intelligence Report outlines some suggestions on how users can keep themselves safe and better protected.
Other highlights from the Symantec Intelligence Report: January 2012
- Spam – 68.7 percent of total email in Canada (a global increase of 1.3 percentage points since December 2011)
- Phishing – One in 379.9 emails identified as phishing in Canada (a global increase of 0.06 percentage points since December 2011)
- Malware – One in 285.4 emails contained malware (a decrease of 0.02 percentage points since December 2011)
Paul Wood is a Senior Intelligence Analyst at Symantec.