Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Symantec Intelligence

How Celebrity News Shapes the Spam Landscape

Created: 30 Dec 2009 • Updated: 30 Dec 2009
MarissaVicario's picture
0 0 Votes
Login to vote

Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

Happy New Year! The uncertainty of what 2010 will bring news-wise is exactly what makes the spam landscape, well, interesting and unpredictable. Although we can predict general threat trends as we have in our 2010 Security Predictions, we can never foresee spam’s entire future which makes everyday a virtual crap-shoot – to an extent – for our MessageLabs Intelligence Team.

Let’s take a look back at the events that shaped the 2009 spam landscape:

The global credit crisis and the election of US President Barack Obama provided two major themes to much of the spam blocked in early 2009. Other events, festivities and news stories also contributed to many spam themes in 2009, including:

•    St. Valentine’s Day on 14 February

•    St. Patrick’s Day and NCAA March Madness in the US in March

•    4 July Independence Day in the US

•    Global flu pandemic of H1N1

•    Fatal crash of Air France flight 447

•    Deaths of singer Michael Jackson and actor Patrick Swayze.

Interestingly, following the death of Michael Jackson on 25 June, the topic had been quickly adopted in several spam campaigns and at the time, approximately one percent of all spam referenced Michael Jackson.

Even before Jackson’s death, news of Farrah Fawcett’s passing precipitated a spate of spam purporting to relate to her death and later when the death of Patrick Swayze was announced on 15 September it was only a matter of time before the spammers and cyber criminals used the opportunity to tailor their output accordingly.

The financial gloom has served as a popular topic for spammers and fraudsters, especially during the first half of 2009. As credit became harder to secure through traditional means and the global economic woes provided consumers with uncertainty, spammers, fraudsters and phishers added the recession to their list of themes to leverage. 

In February, spam containing hyperlinks to a number of major well-known search engines delivered much of the early recession-based spam. The hyperlinks were not using automated redirection links as had been seen previously, but using an automated search for the spammers’ website domains.  Search engine spamming techniques enable the spammers to include a hyperlink constructed from a search engine query within the body of the email. When the link is followed it leads the browser to the spammers’ websites.

Rather than watching the news and reacting by manually tweaking the subjects and content of their spam runs, MessageLabs Intelligence has tracked numerous spam runs that very strongly indicate a high level of automation in producing news-related spam campaigns.  Spammers aim to do as much as possible to attract or lure the recipient into opening the email, and reading it.  Spammers have demonstrated repeatedly that using topical or newsworthy events in subjects and in the spam message body is a very fruitful way to push up response rates.  As 2010 dawns, spam campaigns featuring a breaking news story can filter through to inboxes faster than ever before, as automated scripts scrape headlines and the text of new stories from hundreds of news sites. 

This is not a new thing, but anecdotally MessageLabs Intelligence suspects that newsworthy events are being squirted into spam campaigns more and more.  Increasingly spam campaigns are lined up very much in the style of <insert subject here>, and these automated scripts ensure that whatever the hot topic is, that internet users are reading in their lunch break, or seeing flood in to twitter or RSS feeds, is also appearing in inboxes in spam subjects.  With interest in the news event at a maximum within the first 12 hours or so of the story breaking, spammers are right there riding on the interest that the story generates.

An example of this a recent spam campaign where a news headline about a cricketer scoring a century, came through within hours of the century being scored.  The spam subject was found on a news website which suggests that some automated script picked up the headline.

Stay tuned as MessageLabs Intelligence uncovers what 2010 will bring.

For real-time updates on the threat landscape, follow us on Twitter @MessageLabs

To download the MessageLabs Intelligence Annual Report in its entirety, please visit: http://www.messagelabs.com/resources/mlireports