Spam More Creative, Better Targeted
Thirty years after the first unsolicited e-mail advertisement was sent, the phenomenon now known as spam is continuing to grow -- and becoming more sophisticated, creative and malicious.
Spammers are now "subpoenaing"
their victims with official-looking court documents, inviting them to schedule
meetings on their Outlook calendars and offering to put them in movies, according
to Symantec Corp.'s monthly "State of Spam" report for May.
"During the month of April, 80 percent of all e-mail was spam, with that
number jumping as high as 87 percent at times," the anti-virus and online
security company reported. Those figures are based on Simple Mail Transfer Protocol-layer
filtering at the e-mail gateway and do not reflect the volumes of spam detected
at the network layer.
Although any unsolicited and unwanted commercial e-mail can be considered spam,
a growing amount of it is fraudulent or otherwise malicious. A growing concern
is the practice known as phishing, which uses a variety of e-mail baits to lure
victims into providing personal information or downloading malicious software
that can steal the information. A subset known as spearphishing is, as the name
implies, a targeted attack aimed at specific individuals.
In April, Symantec found an example of spearphishing that appears to be an
e-mail notice of a federal subpoena from a U.S. District Court giving a courthouse
address and telling the recipient that he or she is "commanded to appear"
before a grand jury. The notice also contains a link for downloading the full
subpoena, which actually downloads and installs a keystroke-logging Trojan on
the victim's computer.
A new wrinkle in the now notorious Nigerian financial scam is the Outlook calendar
invitation sent by e-mail. The sender wants to set up a date for paying $106
for the delivery of a package containing $850,000. The sender cautions, "Don't
be deceived by anybody to pay any other money except US$106.00." Good advice,
as far as it goes.
Instant messaging is also being used as phishing bait. A spam
e-mail advertises an online service that will let you find out
which recipients are blocking your messages. All you have to do is
visit the Web site and enter your user name and password.
As it should be needless to say, the U.S. courts do not issue online subpoenas,
it is unlikely that any Nigerian strangers want to send you money, and if anyone
asks you for a user name and password from another account, just say no.
William Jackson is the senior writer for Government Computer News (GCN.com).