Video Screencast Help
Security Response

Rush Towards Gold Related Spam

Created: 20 Apr 2011 21:44:04 GMT • Updated: 23 Jan 2014 18:21:32 GMT • Translations available: 日本語
Dermot Harnett's picture
0 0 Votes
Login to vote

On April 20, for the first time ever, gold rose above $1,500 an ounce as worries over the U.S. economic outlook boosted demand for the metal as a haven. Within hours, Symantec observed this spammer’s response: a hit-and-run spam attack with the Subject line “Subject: Is Gold Your Ticket To A Golden Future?”

Hit-and-run spam (or snow-shoe spam) is a threat known for its large volumes of spam messages in short bursts, where domains are quickly rotating and the sending IP hops within a certain /24 IP range.

Key characteristics include:

  • The message is in HTML
  • There is some type of word salad or word obfuscation injected between various tags and/or in the URL by means of multiple directories
  • The message is typically sent within the same /24 IP range
  • Domains are rotated quickly

The call to action for this particular attack is a URL in the message body which directs the recipient to a Web site where the recipient can request a “free” investor kit. In order to receive the investor kit, personal contact information is requested. Certain personalities are used in the image for this spam campaign including Glenn Beck. A Google search reveals an interesting angle about Glenn Beck promoting gold investments. It seems that the spammer did some research in order to know about the association before propagating this spam campaign.

Symantec has known for some time now that spammers stay on top of current events and adapt their economically focused pitches towards the news headlines. In the midst of the economic gloom, for example October 2007, Symantec reported several spam emails with subject lines such as “Looking to sell your house fast?” and “Get the dough out of your house.” This gold-rush spam attack of April 2011 adds more credence to the argument discussed in a blog post published April 2010, which was written to explore whether the focus of spam email could be used as an economic indicator.