Spammers Mine New Ground
- By William Jackson
- November 10, 2008
Spammers have jumped on the global financial crisis to lure unsuspecting victims
into their botnets by using the line, "Treasury Secretary Paulsen wants to send
you money!" And, in the wake of last week's election, President-elect Barack
Obama also has emerged as bait for other large spam campaigns.
In hours of the closing of polls, online security companies began reporting
a rash of e-mails purportedly coming from news organizations or official government
sites containing links to speeches, interviews or other election news. The links
actually redirect e-mail recipients to malicious code. MX Logic reported seeing
more than 1 million of the messages in the first two hours of their appearance,
and Sophos said similar messages represented up to 60 percent of all malicious
spam seen in its labs on Nov. 5.
In its most recent State
of Spam report, covering October 2008, Symantec Corp. reported that spam
averaged a little more than 76 percent of all e-mail detected at the mail gateway
with SMTP layer filtering last month. That is up by 6 percentage points from
the same month last year, but down from an 80 percent peak in August.
After dropping over the last year, the amount of image spam (e-mails that contain
images as the body of the message to avoid having text filtered), began to spike
again in October, most of it associated with bank phishing schemes. The United
States once again was the No. 1 source of spam last month, originating 29 percent
of the worldwide volume. Turkey was in second place with 8 percent.
Less than 12 hours after Obama's Nov. 4 acceptance speech, MX Logic began
seeing messages in its spamtraps from spoofed addresses for organizations
such as BBC, CNN and USA Today. The subject lines included "Barack Obama Wins,"
"Election Night Results" and "Fear of a Black President." Links in the messages
took recipients to a look-alike news Web site that prompted users to download
a file called "adobe_flash9.exe," which actually contains malware.
Websense Inc. Security Lab reported
a more targeted Spanish language version of the spam in lower numbers, with
the subject line "Nuevo Presidente Afroamericano en EE.UU." It touts
a video interview with Obama advisers and contains a link to a file called "BarackObama.exe"
which downloads a Trojan horse hosted on a compromised travel site.
The version reported by Sophos
prompts you to "watch his amazing speech at November 5!" and supposedly
links to a "2008 American Government Official Website," which provides
information about current U.S. foreign policy. This also prompts the viewer
to update Adobe Flash, which downloads a piece of malware identified as Mal/Behav-027.
Obama-related spam is not new, and his brand outpaced McCain spam during the
final month of the campaign by a wide margin, according to several observers.
"One of the new election-related spam attacks observed in October has been
dubbed by spammers as a 'Barackumentary,'" said Symantec's State of Spam report.
It contained the subject line: "CHANGE for the Worse-Your FREE DVD."
"Spammers offered a free DVD about Barack Obama; however, in order to receive
this 'free' video, recipients were asked to provide personal credit card details
to the sender," the report said.
Political spam only accounted for 3 percent of the volume detected by Symantec
in October, but financial scams accounted for 18 percent. It tied with phony
product offers for the second most common type of attack. Offers for Internet
services such as Web hosting and design and spamware was No. 1, with 22 percent
of the total.
The economic crisis was a major driver for malicious e-mail last month, Symantec
reported. "Spammers are swarming around the current economic concerns
using it as a vehicle for their spam attacks. The recent economic bailout package
and interest rate cuts have allowed spammers to step up their efforts on this
type of attack."
One attack was an American variation on the well-known Nigerian fraud. The
subject line was "US Treasury Department," and it contained a message
claiming to come from U.S. Treasury Secretary Henry Paulson, saying that he
had been instructed by the United Nations to "wire a sum of $1m into your
Bank Account in a Legal way." But to claim the money the recipient was
asked to provide personal details.
Another attack capitalized on the Federal Deposit Insurance Corp.'s high profile
in the news recently. An e-mail with the subject "funds wired to your account
stolen," purportedly from the FDIC, asks you to check an attached bank statement
that contains malware.
With the election behind us, what can we look forward to? "With the 2008
holiday season approaching, spammers are once again taking a seasonal spam angle
and using e-mail to tout such wares as pharmaceutical, product and casino spam,"
Nothing says "Merry Christmas" like a fake Rolex.
William Jackson is the senior writer for Government Computer News (GCN.com).