Spammers From Hell

By Matthew Hines  |  Posted 2008-12-19 Print this article Print

Well, one of the positive things that you can say about spammers is this... they always find a new way to get their message across.

Having seemingly exhausted every manner of injecting their unsolicited marketing content into e-mail subject lines and message bodies as they've adjusted to anti-spam filters spammers are now turning to e-mail sender fields to get their adverts in front of end users.

In a recent blog post filed by researchers at Trend Micro, experts outlined the twist in tactics by spammers as they work to continue to pitch their wares to the messaging masses in the face of so much technological innovation by their counterparts.

As highlighted by researcher Mary Ermitano, the attackers have begun placing their fraudulent content in the "From" field and not in the "Subject" or in the message body itself.

While filters have been trained to scour almost everywhere else for common spam content patterns, the From filed has remained largely ignored, until now, the expert said.

"The spammers behind this operation are doing this to bypass antispam products. Analyzing the sample email message above through text editor, we see how the From field is literally a common content found in scam messages. Spam filters may already be blocking messages when similar content are detected in Subject fields and in message bodies, but not in From fields," Ermitano notes.

As a result, many of the messages are likely to find their way to end users and propagate whatever attacks the might bear.

"Because it still is able to get the message across, these messages may still lure recipients into contacting the spammers through e-mail addresses and phone numbers which are also given in the same email message," writes the expert. "The scamming usually happens here, as in several cases we've [discovered]."

So, as it has seemed for some time now, whenever something is done to slow spam, the spammers invest something new.

I'm sure that you can see where I'm coming from.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel