The July State of Spam Reportopens with optimistic words from 2004, from one Bill Gates: “Two yearsfrom now, spam will be solved.” While we wish that we could say theoptimistic words came to fruition, the reality is that ithas continued to increase and is now accounting for 80% of all email.Over the past month spammers have shown in a variety of ways how theyare still trying to best antispam filters. Some of the spam attacksseen in June include:
- Hacked personal email account used to scam contacts
- Spammers simplify email harvesting technique
- China Earthquake tragedy used to spread viruses
- Olympics-related lottery scam emerges
- Bogus news events continue to be used by spammers to net innocent victims
Hackingpersonal email accounts, taking advantage of tragedies, and generatingbogus news events are all part of the spammer arsenal in recent times.One of the more interesting developments we came across this month wasparticularly nefarious. Imagine that your personal email account ishijacked by a spammer who, without your knowledge, pretends to be youand proceeds to send emails to everyone on your contact list. That’sexactly what happened. In this case, the spammer assumed the identityof the user, concocted a story about being trapped on a vacation inNigeria, and requested money to assist leaving. This is sneaky becausethe email will look like it is indeed coming from a trusted source—aknown person. In one case that Symantec observed, the spammer was ableto gain access to some users' passwords for an online auction site andbegan bidding on computer equipment, which he also requested be shippedto Nigeria.
As discussed in our Julyreport, another tactic used by spammers in recent times is to try tocapitalize on the news of tragedies to spread viruses. Spammers areusing subject lines that look like legitimate news headlines regardingthe China earthquake in order to get higher open rates on theirmessages. Once opened, the email urges the recipient to click a link toplay a video. The video in turn opens an executable file, which hasbeen detected as Trojan.Peacom.D by Symantec antivirus software. Usersshould be aware of these and other spam attempts and should avoidopening these emails and clicking on suspicious links.