Tasting the Spam Omelet

By Matthew Hines  |  Posted 2008-11-04

Now that Halloween is over and Thanksgiving is still a few weeks off, it's time to sink our teeth into something different, or really something that's rapidly becoming just as familiar a taste.

That's spam of course.

BitDefender's Malware City security blog has launched a weekly spam analysis piece dubbed the "Spam Omelet" that looks at emerging trends and tactics in the unsolicited e-mail space.

Volume 2, arriving today, marks some interesting tides from the vast depths of the ever-shifting sea of spam, including the growing use of the terms "Live" and "Spaces" in campaigns launched over the last several weeks.

Malware City's first observation is that spammers are trying to go LIVE, or specifically, they are targeting Microsoft's LIVE Spaces platform to aim their campaigns at users of the online applications.

"The first spam campaign tries to sell prescription drugs and sexual enhancement pills via blogs set up on Microsoft's LIVE Spaces platform," writes BitDefender researcher Bogdan Botezatu. "The latter spam campaign directs users to an infected Web page which purportedly hosts a video player but actually infects the user's computer by triggering the download of a malicious application posing as a codec."

Botezatu notes that BitDefender analysts identified the file involved as being infected with Trojan.HTML.ZLOB and Trojan.Agent.AGGZ, a pair of programs that are able to drop other malicious files onto infected host systems.

Users encountering the attacks are also presented with a fake unsubscribe link. However, clicking on it would only alert the spammer that the respective address is being used by a human, the researcher said.

Spammers are also trying to hook users with many offers of "new opportunities" as the economy lags, according to the paper.

"Psychology teaches that human subjects respond better to new things, and spammers are known as masters of deceit. No wonder that spammers frequently abuse the word in order to sell regular products and services," said Botezatu.

As such, BitDefender observed two "new" major spam campaigns centered on the word last week. The first wave advertised an online betting web-service called Poker Savy, which lures users with opportunities to win new gambling competitions, and eventually tries to saddle their machines with badware.

In a second "new" campaign, a system of work-at-home job offers actually disguises a money mule scenario through which spammers are trying to convince people to serve as middlemen for their crimeware activities. In one such case, participants are asked to take delivery of ill-gotten goods and then re-ship them to others, according to the research.

Also attempting to tap into the economic turmoil were scads of spam runs themed around debt reduction, the company said. In the last week alone, BitDefender said that it observed 37 unique variants of the model hitting people's in-boxes.

Product spam, in particular that which involves weight loss products and other pharmaceuticals, was another widely used theme in recent days.

And while it has dipped ever-so-slightly in recent weeks, Viagra spam remains heavily in the mix, noted Botezatu.

Much of the medical and Viagra-related spam was affiliated with attempted delivery of the Rustock.C rootkit, he said.

Mmmm. Spam. It just keeps on sizzling away.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.
