Spammers Fake Newsletters Slip by E-Mail Filters

In the latest ploy to sneak their work past e-mail filters, spammers are stealing content from legitimate newsletters and adding malware, adware and links to phishing sites.

A new technique being employed by malicious spammers is testing the ability of e-mail filtering technologies to tell the difference between legitimate newsletter content and messages bearing unwanted advertisements and hidden links to malware sites.

According to researchers at security software market leader Symantec, a new trend is rapidly emerging among bulk spammers where the creators of the annoying and often dangerous messages are disguising their work using real content distributed in genuine electronic newsletters.

By carefully recreating e-mail newsletters and marketing materials sent to customers from well-known sources such as eBay, ESPN and Wal-Mart, spammers have found a new way to circumvent many filtering systems and sneak their work into users in-boxes, said Doug Bowers, senior director of anti-abuse engineering at Symantec.

Very often the fake newsletters look exactly the same as the real thing, with the only difference being the addition of hidden adware or malware code, or more frequently links that direct users to phishing sites that attempt to plant viruses on their computers, he said.

While the approach sounds eminently predictable considering the success that malware writers and online fraudsters have had using phishing sites over the last several years, often producing Web destinations that mimic their legitimate counterparts, the emerging spam model is particularly troubling based on all the work administrators and technology providers have already done to help keep authentic e-mail newsletters from being blocked out by their filters.

When spam filters began to gain popularity several years ago, users complained that newsletter and marketing messages they wanted to receive were being unfairly scoured out of their mail, forcing software makers and systems administrators to create new methods for allowing the content.

By cutting and pasting real newsletters and spoofing their distribution addresses, spammers are turning those specialized avenues into an effective means of delivering their own work.

/zimages/4/28571.gifClick here to read about a recent exploit that was released for a critical PC hijack flaw.

"Its very analogous to the phishing tactics where the creator makes you think their content is something that it isnt by merely co-opting legitimate content and adding as little as single link to the message to hide their work," Bowers said.

"Its created a reversal of a problem from a year or two ago when legitimate mailings were getting flagged as spam; these people are embedding their own message next to reputable brands and getting filters, and end users to fall for it."

Among the common types of content used to lure users into opening the spam messages are recreations of newsletters that offer information on health care issues or popular topics such as online fantasy sports leagues.

Next Page: A method to the madness.