Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Spammers Fake Newsletters Slip by E-Mail Filters



 By: Matt Hines
2007-01-19
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. Spammers Fake Newsletters Slip by E-Mail Filters
  2. ' A Method to the '

Rate This Article:
Poor Best
Spammers Fake Newsletters Slip by E-Mail Filters
( Page 1 of 2 )

In the latest ploy to sneak their work past e-mail filters, spammers are stealing content from legitimate newsletters and adding malware, adware and links to phishing sites.

A new technique being employed by malicious spammers is testing the ability of e-mail filtering technologies to tell the difference between legitimate newsletter content and messages bearing unwanted advertisements and hidden links to malware sites.

According to researchers at security software market leader Symantec, a new trend is rapidly emerging among bulk spammers where the creators of the annoying and often dangerous messages are disguising their work using real content distributed in genuine electronic newsletters.

By carefully recreating e-mail newsletters and marketing materials sent to customers from well-known sources such as eBay, ESPN and Wal-Mart, spammers have found a new way to circumvent many filtering systems and sneak their work into users in-boxes, said Doug Bowers, senior director of anti-abuse engineering at Symantec.

Resource Library:

Very often the fake newsletters look exactly the same as the real thing, with the only difference being the addition of hidden adware or malware code, or more frequently links that direct users to phishing sites that attempt to plant viruses on their computers, he said.

While the approach sounds eminently predictable considering the success that malware writers and online fraudsters have had using phishing sites over the last several years, often producing Web destinations that mimic their legitimate counterparts, the emerging spam model is particularly troubling based on all the work administrators and technology providers have already done to help keep authentic e-mail newsletters from being blocked out by their filters.

When spam filters began to gain popularity several years ago, users complained that newsletter and marketing messages they wanted to receive were being unfairly scoured out of their mail, forcing software makers and systems administrators to create new methods for allowing the content.

By cutting and pasting real newsletters and spoofing their distribution addresses, spammers are turning those specialized avenues into an effective means of delivering their own work.

Click here to read about a recent exploit that was released for a critical PC hijack flaw.

"Its very analogous to the phishing tactics where the creator makes you think their content is something that it isnt by merely co-opting legitimate content and adding as little as single link to the message to hide their work," Bowers said.

"Its created a reversal of a problem from a year or two ago when legitimate mailings were getting flagged as spam; these people are embedding their own message next to reputable brands and getting filters, and end users to fall for it."

Among the common types of content used to lure users into opening the spam messages are recreations of newsletters that offer information on health care issues or popular topics such as online fantasy sports leagues.

Next Page: A method to the madness.





  Reader Comments: Spammers Fake Newsletters Slip by E-Mail Filters
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}kSȲ!bCg}.~mO0O`wszb#T5Ȓ$ˍ7C@0w[UʪWeee}GggD]ݴ1p͙M55|zg`HRsgޅ-34 @oRQP ĠxnwݶN`P'~ > \?g3U;Y|LNZ]@ZSˆ辥{$)5< \g4"1lp2E9$7 \hyiVpA'ס,jO`U[۾xwgy@ffrt KJozcnć!LjZ L|:j/EӝF3l˸-:4 PS+}(Z+{1ك;ho>;W)EsvU ! mݹඒk%ms|uO}~N6ox9vtx//0wFD_jQEVKi/LZHWP u.jzQҏ[F-Z%MR?4,fϷ3+i*H,GQD~6/NM㳣NlL,!V4*V]?#;ˠjqszr|qӹwIAұ,Oȿ;Be}Y 4ӗ?ReQ So,o0Hˤd8[&r, ߱n\S@`hoNX uZPĿ"E/'ݸäppw>-Fv93{Q {>0iCkJQD$i-D@wM0Ie+f!S@uG Lν߂2àF{7t( ,/#0/ Zm{Ae^~}̢!1Y@X{`soweC93(u`Hd˕F }"@F>H>'!hI#r B,`@n%`9 P  ar Tt@Gҹ;vjP)hJ9cb -x[b}ILgF2+ɨɬaX91yMf#T`"[ᛥLKak`Dݘ,CMۯ!M{ڣeX}=˚hf&i [NHNt0jHB\UGeyB9@c߽p7,kQ2G6Êi֜ᄂ"s2:yBSˁ2&$vW"tChj5XjocsYlE^UX!t3tTkyӏϞS ۀ}Q1R5i5) w$mrn)RЛv!s9n! xW.Y 2gxRUyQtʝ+PXY3V7\EYbꞦ5XScXM`D~wzb0qm/n1NaV|\vΖuV"kͲG{_No6ʞviZZ @eY mc-׾0^Ԣ,a|u(" !lsiŴ,B /0|:Cb&^&thQ?mM `5}pöV/UKW+@-tX)Z-a5sV@6d@7h`L DolVCax5ZǮAwm<_D.>q  cp6X2ĂM ' [BSjj3Ä烄7@ƅ/Љk`{:ߟ{ ҋCמO=Kwaﴽ.J-.bFh>n GC=1ɉV*a0Y6؋T,{}ݛtļZA_@iTW+JIUӨckLĽf2,rGmAuF֝9BQZ>-B.,g \jpj ZLpsAqA0,]y.*?wVV0\n}єa˘;|qףm*IHrIQ)kMf9oLq3 iȐ0ҁq_HEy[kpp\U.)L,:z  [ Hg [QzoSCz+n @zK& GqӞrVyCfZa0K=y2kR^K? aYjP3)'@S,f0Ɓ;T|Moũ1FtYJo0t *tɕ>gs||ujN8adEc>eLZj9aJ;=J%GhӐBDAe S#<~Ɋ0 ClW õ8X1 pWPR}PeO#cIeA:ݐ늦 uzVE@GqHؽNHuҚ n;@+%l| ?ԊN`έ(D a43Sb_@7T_/=4xEs‡1"ክ54f;NGw 6Jh)XS!bW hĞe~g׆gayϤ͋h|5|l3HNQMG9F)\,[5^-0;3kFH]'vN'_&ƦF}^D ϓGjZ%5,09EW>|6Œu+l?g`̦W`p1\EAPBl̓Oe*r1_?K= [L޴F@V1'`{7=;%4OQ5rRd2~6P}m*lZǐlw\Oćp懿ԫfS΁MOT%0="c^f.g|]٘zֱ4> ʀkhG2cdYrHUm{\ cg2|UL.]/$RQr+Ձ΀,OxV֪EzXz,)uzh "RrMY7uȋ­7:P'#IȕO?2:i1TʵRM()Co잔4rOk,ZKqXKkp9 -2j=uR/fKܥ@vܖ[J,]> Ba u( =(tם. 21簤v ˽'jH@KYPq+Z}_@iuI+KZ̡=2f{cV$}/ \FI's3ҿ﹮ BDSwgtsć) RfCZִ2Hw ضVU 'D.,ӄ1ZrVS"YK@rvzJ5+ ePext|{W !&1ǷWXL\tKMWF@"'!M43,`jRU\ό&ݽ]VWv&/!(0H_dhmdU]uv@Ώ.}绛I쀔4O}ڽKcϻ$VBL0B_XH!)$ze*K<;iw[( 6[F_E'K; uR-g[M7S+dIGD_q-5'=?U[k't>!94|YQ$K 21xc|.A-6ԾJ9 4SJd"8Q%;)~ڰ{, /D=:dSNM(ia-uyjdJ9#S"\ 6L P,OҴy=#lQ1 i(K"ih$lbTȆRoNwպ6<5ަm晿BƗHȣ ,-I+4$/CiA0;ǭHR#EhqeP>Xki)i[YUH+?vƇ!qbwyAH0GW倜b{~T߯Il;up=q"?h9#7:NjG/sy"O+:Q ,':]@_zϜGoIM21ɘKԍ A/sBk4GלO)|si9<3m~`'6"%(\s")Xf>VAkv,x\J|[<,'Mw[1CN'~.?@ 6W{$ N FP ߼=Foq>P]9Yz$AC~g}\0n;z{w6bOf07+۝l9niamơ8 J~l'Mt:DjE[c{wC9Ȫ̙S.{R؉~'g#3^q:-: &n_%3ތ<яKi^dΠt4s }!F.`0.s!T xBo~˸aW*]c{*{w}wo]VZtCqB1Vx/)&%ϓEL @OKtGY_BQKwv{쬐kY\xlSOo ?ֈ '|ȞcԶىǣy|Syg,daз؞qaLd<J;moݍn T f_!O#%FJ ,Q`mZ 9_к õQ`VǴ pqFԱQo*_O6oNƂ1f̙ʈ1Wc/*I21  \i{\nEaQ(^ h }"s(u‰KݴC&SˁUm[[9u@W yWwGTa)d''uǏ5ba9HH6/}p8x2ϒYfCU՚Skk5/tk4pBXl O`D,h ;r ublRkcT՟chܤX8?n$[4ig=P!`@MDJ}uQVʵnKj &C @[N܇m5#AŤR0!Q^y{8~lw_@yt'O[*#emyp./hN-ʂA<M%0B%BfD"{ )M? 3 qo;֯,_U*xϩJJE*)or(M{:%;]/E+ a%X{I*RL@\'N?Yq<z ]BFC}txjlEJZeS(}!T_(-gFf7n$rv]H 0hC# 5b"Bmn\u+ I P)_J\X?P)JH]Jjc. +Ƹܱ0Y EV@ZR-G|Hr78j%[fH̫M_q^O$T7ʋ3=J1ydsC lk s2R邥 9#X1Ƴ 0{]z)X{sw@՗MvхtMyPD0$ Ȕ>l x֟J,`$,Bxt0^QdconxsQ>H>;>.KjE͡/U!^ć0xb;ۋE[OE-ܮK*D3Y^G0|q57777wV˕rD^6T153[7J )ZwTR(-Ӟz;`"q_gUHK1]BKpA-DqlčJUnb@C"%Xoئj_GaUFh}qt6_$NF깘ݗg> ޕxKl@uƎ-VVBxwa]' >;.'zYW64_a1alHاɉuϩ nL<k#EN3p +iGך(W[{2g$BL 2tvoM kb-g!Lߥ<5^8ctn},]ɒ g[&jwCt"Y5loAOs}ٗ{c( sWat|k3O ?qҞ85וi^v'ufI VSwj!ITap}jhTR״HdiZTϡVR*jZ?";М }}yj]SjZYS#qc9j(^yUȵF 5ꁅ㟁K\ɨ':gۍyd䕊V.իuߞz@#TX,L0 ,kG *& :-o?V-F]ώ>QHJ>*bWD{_` ׍ kd4̉b _`i*pM[d{=y-h<#Թ|A'\\sjό\3ʒNq&Yqoͳ.0,&ntNtGw,}@8Q͜|D`D>FS.oJ^j$'p ?>|6ژyiF4YNgMr'ǯ\ix##k3`y rF@YfOG P56wD:noH9l~V l33c`#{a2 ޚ>."Ԙ8 (żSLɉ  [zqeL\V!̆\nX\x:L$!i ?͇˞0Qݹ!?1! g@L-GaTiAX#hBGH[1~s?3uǸ')45A! ^C. ,SwII!6s0װÞ1S|??~e KHB}s ^7є,0 uA"\2,Gza~2?y :ROLzy 6t(QS=1U& g cR[7eIE^~|NR] $Bq0Ӝhp:߰|cm|?뽉e2'{xbRWkJ%zuweX ztkwyDfU3{8~BOSr%+ %uV0`A i2bg4t\Kb{$$ ڟ`yZWWiuMzzם~{I<5m[4z?V9|>^}>\;}L+0 l\_dj(,Ǜ,# rzٺh3;eFq*M1B*r<M`5ݙ? NL*a^e5DM@+}qL[񏙏up :Ϗgg:,/>/ry2gSNS~909{ s?09ׅws͑?]/rqCWU@?9Ӄr߃r__P>'(W3OO9rߛorڿɡ=>k]T(RhK "S^9,.OsȦc˼=>w懴Ixո]@&J2W[O'ikz(s<2g!h{dZc+mDgcR?'%YØ/ܻGzʉnS'\2fA4'ԎlOAp^Ew9eyk %> SG0ݹ=M%\ڎwڝGf{ueePsvdmoCd y^$ٝx|G]Vl<-t&n\ef(/@FAt p?'@/kOg >赏?^woҾlZ36J쓭Æ>a#^*B8DCw0p= ʼnS ;wMm=SO_ NW镆.h ;cv-@7maIP5ZUj;5" #&Q5YUdN.jUeRL3DAyg l]{̾ZCO3CX)ḇ̺n5G P }:gll*Yۼx0l|yN Nx@7 ,5w;SŨЫِ@ޖ΂3,7;tp) ߄`-kD2Ydpc l$'4ǭa&r2@8Xh xqSYF Tz\^:&3!Mť{6Tx| "e*G)L 'Q0Ygq˭d<@T6?rށw $}HN,6zoM#+fUxш/C4tpWGۀYyyVݎ/Zha5) RB Iv͘2 >Q] ~ފjd!׶RA#>7q>+scX0Em,?hPxUE0P$=CbJǣ0ΤDAR~hqjF߮eh#iM &Ax&.W5b8gC“J'rBzc{[/I)H(\dz\g;EMv 7&R,`+/2^;' gWbz`#YұߞR DOQ[ |qK:AߎKd/-YoˊL3t#()JqIȥI񿄷zH,爔事6SAQ^|B,[Kl`NB`t0p"sSax~/[v2 S*4%SЌxS:xEy?ĵ MPt[:SAW Cr 3қ![c *|?OGe Mt8͡okn>7q$LsizQڃ`+슧}0uGĦrCR4mLepwRc%xdv69qSՃ@Dqg˫HvxGml<"^:uGW=Q'nGalh[d%+^F%!ҶT)V#ʥ.Sܟ?Ca҃fF_X (K# LwEN8u vKѪ v7"!a^o1n%/$&@Ss=V*)ve6r!*l XGڦZ-Qa[Anb=x辉=e-{B70* <Ǹ9m@>{zw1G[0rczz7Y=W'8K Ӿcd.GXI@ Ik.-wvua4,Lb9"[^'QI 8`RжX3,@a)5BO7 S O80Ux|-h\l};ݘ_e9Lgޜ"?P߯Ed+KW̵Mv+:14Mo,/`kVTF igA0}Us>]/uM+_0dF-<#Dg˳̆UZ*$4o)FҢpL\岞+ziKmw9n~뉘HOa6%s\ɜKBS+4WY/WiS}* Cf'ʱ wm&lult61͝*Y*