Security Response

On April 20, for the first time ever, gold rose above $1,500 an ounce as worries over the U.S. economic outlook boosted demand for the metal as a haven. Within hours, Symantec observed this spammer’s response: a hit-and-run spam attack with the Subject line “Subject: Is Gold Your Ticket To A Golden Future?”

Hit-and-run spam (or snow-shoe spam) is a threat known for its large volumes of spam messages in short bursts, where domains are quickly rotating and the sending IP hops within a certain /24 IP range.

Key characteristics include:

• The message is in HTML
• There is some type of word salad or word obfuscation injected between various tags and/or in the URL by means of multiple directories
• The message is typically sent within the same /24 IP range
• Domains are rotated quickly

The call to action for this particular attack is a URL in the message body which directs the recipient to a Web site where the...

...and some of it masquerades as “marketing” and “newsletter” emails.

In March 2010, spam continued to account for a high percentage of all email traffic, peaking at 93.6% of all messages. The majority of this spam email was sent using certain tactics that were deployed to hijack unsecured computers and hide the senders’ identity. Recently, however, there has been an uptick in spam “marketing” and “newsletter” emails. These spam marketing and newsletter emails share one significant commonality with “regular” spam emails, which is that they are unwanted email messages sent to individuals who have no formal relationship with the message sender.

The distinction between the spam marketing and newsletter email and regular spam email includes the following:

•    The sender of the spam marketing and newsletter email may not go to extraordinary...

With Valentine’s day a little over two weeks away it is not surprising that spammers are already targeting this holiday. Valentine’s Day is a common target for spammers and in January 2009 the top five Valentine’s Day-related spam subject lines were as follows:

1.    Increase your length, the best valentine’s gift
2.    Show off your length for valentine’s
3.    Get it before Valentine’s day and watch her smile
4.    You have been invited to partake in a shopping spree with [Removed] This Month for Valentines!
5.    Happy Early Valentines Day, You have been selected to go on a $1000 Shopping spree to [Removed]

From time to time the products that spammers offer are surprising. A recent spam sample offered the perfect engagement ring but you would have to wonder about their target audience; seriously, who would buy an engagement ring...

Notable highlights this month include the continuing shift of the region of message origin to APJ and South America, and changes in the average size of spam messages.
 
•    The EMEA region has been firmly displaced as the primary region of origin for spam—the APJ region has obtained that mantle. The APJ region currently accounts for 26 percent of all spam, which is a nine percentage point increase since June 2009.
•    With respect to the average size of spam messages, 71.08 percent of messages now have an average message size between 2kb – 5 kb, while 19.53 percent have an average message size between 5kb – 10kb.
•    With respect to spam categories, Internet spam decreased by four percent and now accounts for 35 percent of all spam messages, with leisure and fraud increasing by three and two percent, respectively.

Click...