Thursday, January 25, 2007

Symantec warns of newsletters and "legitimate" advertising being hijacked!

Viagra with your Fantasy Football?

Spam is getting worse than ever, and a lot of spam filters don't seem to be stopping it. Even worse, legitimate mail is being designated as "spam" and placed in "bulk folders."

I find myself having to review my "bulk folder," daily.

Symantec is reporting a new "sneaky" spam tactic being seen out there. Legitimate newsletters and advertising from well known organizations, such as Walmart and ESPN are having ads for Viagra (example) inserted into their publications and sent out as if they are affiliated with the product.

In essence, the spammers are "hijacking" legitimate publications.

As reported in the Symantec Security Response blog by Kelly Conley:

We've noticed a tricky new spam tactic occurring recently and thought we'd share it with you. It’s always exciting when a new spamming technique comes along and it’s even more exciting when our filtering capabilities are successful against it. Most users running our product will not have seen this. Spam filtering can still protect you from this “new spam technique,” but, even if you have seen it or even opened it, you probably gave it a one-two glance and wondered “Eh? This isn't what I thought it was.”

The headers are legit – coming from a newsletter or ad that you have signed up for. You should be receiving this mail, right? Nope, it's a spam email. Look closer. There at the top of the page. It's an ad for something entirely different than what you thought was going to be in that email.

Kelly's full post, here.

Symantec's researchers have noted these "faux" (fake) images inserted on legitimate pages, or when the page is accessed - a "pop in" spam message appears moments later. They've also noted that the spammers seem to be able to control how many messages are sent out. No more than one a day is sent to any particular e-mail address -- and a different legitimate newsletter, or retailer is used each time.

According to the researchers, the motivation behind this is to (probably) make the reader more likely to read the message (believe it's credible). This method is possibly also used to in an attempt to trick a lot of the spam filters out there.

The good news is that - according to Kelly - Symantec's filters appear to be catching almost all of this.

A lot of us laugh at spammers and their "seemingly ridiculous" advertising, but the sad truth is, they wouldn't be sending it out if unless some people were falling for it. And that person might be one of your grandparents, or "younger relatives."

Even worse, the products they are "hawking" are questionable and in some instances, dangerous. In addition to this, spam is also used as a means to hook "victims" into all the various Internet scams that I frequently write about.

Symantec covers this issue "online fraud" (and others) on their blog, here.

Screenshot (below) of Kohl's ad being hijacked to sell drugs

No comments: