September State of Spam Report

Sep 05, 2007 03:00 AM

The September State of Spam Report is out and includes several interesting highlights and trends seen in August. Some highlights in this report include an update on the state of PDF spam, different variations that have been observed in e-card spam tactics, including fake YouTube sites, as well as insight into some new and novel tactics that were observed by Symantec during August.

Where did PDF spam go? Highlighted in a previous post as an emerging trend, PDF and other attachment spam reached a high in early August but closed out the month with record lows. First seen in June of 2007 with PDF files, attachment spam grew to encompass PDF, XLS and RAR files. By early August, this spam type was seen in 20 percent of all spam, but by late August, accounted for less than one percent. Symantec will continue to monitor this trend closely for any changes.

First reported in the August State of Spam Report, greeting cards containing malicious content continued to be observed. These attacks continue to morph—including the social engineering tactic of pointing readers to the ever popular YouTube site—as the spammer tries different tactics to lure the recipient to click the URL containing the malicious code.

One common characteristic of these attacks is the use of the “dotted quad URL.” These numeric IP URL addresses send those that click to a malicious link hosting malware. As the spammer makes adjustments to evade AV/IPS detections, the malware being propagated from these attacks has evolved and is being detected by Symantec as Trojan.Packed.13 or a variant of Trojan.Peacomm. A sample of a malicious message from this attack can be seen in the September State of Spam Report.
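As an added illustration (not part of the Symantec report), a mail filter can flag the dotted quad characteristic described above by extracting each URL from a message body and checking whether its host is a literal IPv4 address. The function name and the sample messages are constructed for this example, and the addresses come from the reserved documentation ranges.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# http/https URLs in plain-text or HTML bodies; stop at whitespace, quotes, angle brackets.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def dotted_quad_urls(body):
    """Return the URLs in a message body whose host is a literal IPv4 address."""
    hits = []
    for match in URL_RE.finditer(body):
        # Drop sentence punctuation that the regex swept up after the URL.
        url = match.group(0).rstrip(".,;:)!?")
        try:
            host = urlsplit(url).hostname  # strips any userinfo and port
        except ValueError:
            continue  # malformed URL, nothing to classify
        if not host:
            continue
        try:
            ipaddress.IPv4Address(host)  # raises for hostnames and bad octets
        except ValueError:
            continue
        hits.append(url)
    return hits

# Constructed sample bodies (not taken from the report).
SAMPLES = [
    "You have received a greeting card. View it here: http://192.0.2.45/ecard.exe.",
    'Watch this clip <a href="http://user@198.51.100.7:8080/watch?v=1">video</a>',
    "Newsletter: http://www.example.com/news and http://192.0.2.300/x",
]

if __name__ == "__main__":
    for body in SAMPLES:
        hits = dotted_quad_urls(body)
        print("FLAG" if hits else "ok  ", hits)
```

A numeric host is a signal to weigh alongside other indicators rather than a verdict, since legitimate mail occasionally links to an IP address.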

Other spotlights for the month of August include:

- An update on spam messages containing URLs with Chinese domains. First reported in this post, the use of the ‘cn’ TLD increased seven-fold in August from July. The promotion of pharmaceutical and casino products seems to be the primary focus of these URLs.

- Twists in one of the original types of spam messages, 419 scams. Twists include the use of attached Word files and inserted images of the supposed sender to instill confidence.

- Ever wanted to be a police officer? Degree spam usually entails a phone number or other call to action to earn your University degree in a short period of time by taking online classes. Symantec observed a unique example of this common degree spam in August which was enticing email recipients with a degree in law enforcement.

- Chinese image spam. This spam technique of taking an image and turning it into a puzzle piece to evade spam filters was first seen in English messages.


You can read about these trends and view samples in the latest State of Spam Report.
