Spam in the Neighborhood

By Matthew Hines  |  Posted 2009-04-05 Print this article Print

It seems like everyone is putting out their spam stats this week...

It was inevitable that mass mailers would begin using more localized information to target their spam at end users, if you think about it they've already been doing that for a long time, depending on what language the messages display when they arrive in your inbox.

My personal favorites are the ones that show up in Cyrillic but still use the words Viagra or Cialis in their subject lines... then at least I have some idea what I'm opening.

However, as spammers continue down the same path well travelled before them by brush salesmen and telemarketers, they're using increasingly more localized marketing techniques to attempt to lure in unsuspecting end users, according to several recent research reports.

Phishing has dipped down to the local credit union angle for a long time, it should be noted. But, in addition to using shorter runs of messages aimed locally to help evade spam filters looking at cross-infrastructure activity, spammers have also been employing more socially oriented techniques to target users, some researchers contend.

Among others, experts at messaging security vendor Sendio have called out the recent trend toward local spam campaigns. In a recent research summary, the company's CTO, Tal Golan, highlighted the use of methods including the spoofing of local news events, and regional news portal domains, to convince people to click on the (frequently malware-infected) URLs that spammers are trying to pawn off on them.

Between the improved marketing and a rise in the local messages' overall percentage of e-mail traffic, the localized spam campaigns represent a noticeable trend, researchers are saying.

"This new methodology is the next salvo in the spam arms race, but is really just an extension of the social engineering threat vector that has become so popular and effective in the last three years. While it's difficult to determine exact figures, our best estimates place social engineered location-based attacks between 10-30 percent of all unsolicited e-mail," Golan writes.

Sendio goes so far as to cite the successful, though temporary, results produced via the shutdown of major spam ISPs like McColo as an inspiration for spammers to adopt new strategies. The attackers are wary of relying on centralized operations the thinking would seem to say.

"Unfortunately, social engineered attacks, specifically those using location, are proving to be highly effective at soliciting the all-important click from the unsuspecting victim," Sendio's Golan said.

Using IP address-based geo-location tools, it's become increasingly easy for spammer to figure out where a specific company, say a newspaper or TV station, has their e-mail servers located. By incorporating both an actual news headline and a domain name spoofed from these targets, the spammers are able to attract greater numbers of people used to receiving content from local providers, according to the expert.

It's not really that surprising that spammers are being forced to up the ante as users become desensitized to e-junkmail and stop opening it on as frequent a basis in general.

In fact, I'm sure that actually at some point we'll see more spammers and malware attackers going after the people who actually live closest to them -- to blend into the crowd and avoid larger law enforcement efforts, and to target people with content the spammers know is on the top of their minds.

You'd have to think that any Opening Day-themed spam might do pretty well today in big-time baseball towns like Boston, Chicago, Cincinnati and New York today, for instance. For now it would appear that remote attacks are merely finding ways to play off well-established spam themes wherever they can find them.

But, pretty soon it will probably the spammer next door, asking if you've got an electronic cup of sugar... or, you know, if you might need that little blue pill for after the block party this weekend.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel