Another Year, More Poisoned Spam

By Matthew Hines  |  Posted 2009-01-15 Print this article Print

While a wide range of malware-delivery methods dot the IT landscape these days, in particular the online domain, the time-honored e-mail borne spam technique remains a popular and apparently useful (based on its pervasiveness) approach - one that will continue to rear its head during 2009, experts maintain.

According to researchers at AppRiver, spam-based malware attacks will follow several noticeable trends over the course of the next year.

In addition to curiously predicting that Clint Eastwood will win an award for "Best Actor" for his performance in Gran Torino (though not specifying whether it might be an Oscar or a Golden Globe, and I have to think Heath Ledger's Joker from "Dark Knight" will give him a really good run for the money), the messaging filtering specialists are expecting that attackers will continue to try to tap into current issues, like the sagging economy, in constructing their disreputable campaigns.

In one such angle, the company said that spammers are already trying to spoof job sites, employment ads and social networking applications in their latest work, and will likely continue to do so. The technique is doubly dangerous because job seekers are already seeking to hand out their information to interested parties.

"With the current economic downturn, many people are searching for employment opportunities online. As a result, malware authors are beginning to focus their attention to career and social networking sites (i.e. LinkedIN,, and Cybercriminals are more than aware that with increased traffic comes an increase in the amount of personal information shared," AppRiver experts said in their "Threat and Spamscape" report.

The company also contends that malware aimed at vulnerabilities in virtualization systems will ramp up in '09, as many companies are moving to embrace the technologies, making them more attractive targets.

Other hot technologies, including cloud computing, mobile applications and online applications are expected to move even further into attackers' crosshairs.

There's little question across the IT security space that Web applications will continue to see the most significant levels of malware schemes, and AppRiver appears to agree to that end. Infected sites and iFrames will likely be most popular formats for such attacks, the experts predict.

"Historically, malware was only available to the user looking for it, or for those who frequented unsavory sites such as adult variety sites. This year, Web‐based malware delivery trends will continue," the company said. "Cybercriminals will host their malware on infected host Web sites where unsuspecting victims will visit and become infected by drive‐by download, or from hidden iFrame attacks."

Yup, more of the same... will it ever end? Sure doesn't feel that way.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel