Friday, December 14, 2007

Symantec reveals how the spammers are trying to steal Christmas

Kelly Conley announced the Christmas edition of Symantec's spam report on the company blog:

Here we are the end of another year. As 2007 rolls to a close the December State of Spam Report reviews this past month’s key trends and reflects on some of the year’s most notable spam events and trends.
The report notes that Bill Gates' prediction in 2004 that spam would be eradicated has proven not only to be wrong, but that the amount of spam circulating on the Internet has exceeded everyone's expectations (nightmares?).

This month, three out of every four e-mails sent is spam!

Spammers are even using MP3s, videos, and Google's alerts/searches to spread their seedy marketing ventures to Internet users.

Here are some of the highlights of the end-of-year report:

• Penny stocks use Thanksgiving holiday captions in subject line – spammers using common personal Thanksgiving-related words in the subject of emails

• Replica products a favorite for spammers this holiday season – replica gear has always been a spammer favorite. Spammers are marketing their wares using seasonal words in the subject lines of their mailings

• Spam begins to snowball – spammers collecting email addresses by using a funny .gif that shows a snowball hurtling at you through your computer

• Christmas freebie anyone? – spammers taking advantage of the season to market "free" gift cards for well known companies

• Seasonal lotto scams - in a scam targeted at UK end users, spammers have updated a lottery spam email for a Christmas Bonanza special

The current interest in celebrities like Britney Spears, Lindsay Lohan and the Osmonds were used as lures to get people to open spam e-mails hawking "questionably safe" drugs.

Spammers use whatever is trendy, popular or in the news to trick people into clicking on them. Here is one of the sicker examples of this seen recently:

An attack this month preyed on the public interest in the story of the missing British child, Madeleine McCann. The email contained a link to http://madeleine2007.notlong.com/, which redirected to http://internetwonderful.com/madeleine. The second site is designed to look similar to the official McCann family site, www.findmadeleine.com, however, it actually is set up to distribute a virus. The site also contains an unauthorized use of the Symantec logo and a number of Google ads for anti-virus products.

It should be noted that although the spam email also contains a link to the legitimate findmadeliene.com site, there is no connection between the spammers and the genuine site.

The report concludes it's findings with recognition of anti-spam efforts during the year, such as the FBI's Operation Bot Roast, the SEC's Operation Spamalot, ISP's sharing more information and security vendors employing new spam filter technologies.

We need to remember that spam is the vehicle used to spread 99.9 percent of the questionable marketing and scams on the Internet. Clicking on a spam e-mail can cause a person to become victim of anything from a financial scam to using a unsafe product that is a threat to their personal safety.

These reports serve a purpose, which is to educate the average person on what to watch out for and not click on a spam e-mail in the first place. Since it's Christmas and a lot of us are thinking about the young people in our lives, perhaps this is a good time to educate them on the growing problem of spam on the Internet!

I meet a few older people from time to time that might benefit from the education process, also.

Kelley Conley's blog post announcing the December report, here.

Symantec's December (year end) report on the state of spam, here.

On a lighter note, here is the YouTube video on the 12 days of Christmas Spam:

No comments: