Wednesday, 24 September 2014

Spam Outbreak Alert

Every so often, we observe certain spam campaigns that catch our interest.

On August 15, we observed a particular spam campaign that caught our attention because it was using “snowshoe” spam techniques combined with PDF exploitation. While neither of these techniques is new, we have seen a growing trend involving snowshoe spam.



Snowshoe spamming is a spamming technique in which the spammer uses a wide array of IP addresses in order to spread out the spam load. The large spread of IP addresses makes it difficult to identify and trap the spam, allowing at least some of it to reach email inboxes. For companies which specialize in trapping spam, snowshoe spamming is particularly noxious because it is difficult to catch with traditional spam filters.

Despite the large number of IP addresses used in this spam campaign, the messages themselves appear suspicious due to the spam-like characteristics in the headers and body of the message. Messages in this spam campaign have a subject like “inovice 2921411”, where the number in the subject is randomly generated and the word “inovice” is misspelled. Later versions have “invoice” correctly spelled, which means the spammers are refining their campaigns.

We have noticed that this type of scam now accounts for 10% of all scams.


Here is a snapshot of spam emails with malware attachments sent to my address over the last few days:

Snowshoe spam can be a challenge for some anti-spam detection techniques because it typically uses multiple IP addresses with very low spam volume per IP address. Depending on how an anti-spam technology works, this can cause severe problems with detection.
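To make the detection problem concrete, here is an added example (not part of the original post, and not Optima's tooling) that runs two checks over a few constructed mail-log lines: the traditional per-IP volume threshold, and a grouping by subject template that looks for the snowshoe signature described above, namely one lure (“inovice NNNN” / “invoice NNNN” with an attachment) arriving from many different IP addresses at very low volume each. The log format, field names and sample addresses are assumptions for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample mail-log lines (not from the original post). Assumed format:
#   <timestamp> ip=<sender IP> subject="<subject>" attach=<filename or ->
SAMPLE_LOG = """\
2014-08-15T09:01:10 ip=203.0.113.5 subject="inovice 2921411" attach=invoice.pdf
2014-08-15T09:02:44 ip=198.51.100.17 subject="inovice 8830021" attach=invoice.pdf
2014-08-15T09:03:01 ip=192.0.2.77 subject="inovice 1120093" attach=invoice.pdf
2014-08-15T09:05:19 ip=203.0.113.99 subject="invoice 4471902" attach=invoice.pdf
2014-08-15T09:06:33 ip=198.51.100.202 subject="invoice 9900123" attach=invoice.pdf
2014-08-15T09:07:50 ip=192.0.2.14 subject="Re: meeting notes" attach=-
2014-08-15T09:08:05 ip=192.0.2.14 subject="Re: meeting notes" attach=-
2014-08-15T09:09:12 ip=192.0.2.14 subject="Re: meeting notes" attach=-
2014-08-15T09:10:40 ip=203.0.113.8 subject="invoice 5521877" attach=invoice.pdf
"""

LINE_RE = re.compile(
    r'ip=(?P<ip>\S+)\s+subject="(?P<subject>[^"]*)"\s+attach=(?P<attach>\S+)'
)


def parse_log(text):
    """Parse log lines into dicts with ip/subject/attach; non-matching lines are skipped."""
    msgs = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            msgs.append(m.groupdict())
    return msgs


def per_ip_volume_alerts(msgs, threshold=3):
    """Traditional check: flag any single IP that sends at least `threshold` messages.
    With one message per IP, a snowshoe campaign never trips this."""
    counts = defaultdict(int)
    for m in msgs:
        counts[m["ip"]] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def subject_template(subject):
    """Collapse digit runs so 'inovice 2921411' and 'inovice 8830021' share one template."""
    return re.sub(r"\d+", "#", subject.strip().lower())


def find_snowshoe_campaigns(msgs, min_ips=3, max_per_ip=1):
    """Group messages by subject template and flag templates seen from at least
    `min_ips` distinct senders where no single sender exceeds `max_per_ip` messages."""
    by_template = defaultdict(lambda: defaultdict(int))
    with_attachment = defaultdict(int)
    for m in msgs:
        tpl = subject_template(m["subject"])
        by_template[tpl][m["ip"]] += 1
        if m["attach"] != "-":
            with_attachment[tpl] += 1
    findings = []
    for tpl, per_ip in by_template.items():
        total = sum(per_ip.values())
        if len(per_ip) >= min_ips and max(per_ip.values()) <= max_per_ip:
            findings.append({
                "template": tpl,
                "distinct_ips": len(per_ip),
                "messages": total,
                "attachment_rate": with_attachment[tpl] / total,
            })
    return sorted(findings, key=lambda f: f["template"])


if __name__ == "__main__":
    msgs = parse_log(SAMPLE_LOG)
    print("per-IP volume alerts:", per_ip_volume_alerts(msgs))
    for f in find_snowshoe_campaigns(msgs):
        print("snowshoe-like campaign:", f)
```

On the sample data the per-IP check only flags the benign “Re: meeting notes” thread (one sender, three messages), while the template grouping surfaces both the misspelled and the corrected invoice lures, each from three different addresses with one message apiece and a PDF attached every time. In production the same grouping would be run over a rolling window and combined with attachment type and sender-domain features rather than subject alone.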


Fortunately, good anti-spam service providers are updating their databases to combat these types of spam. But due to the nature of the snowshoe method, there will always be some spam that gets through.

If you do not have an anti-spam service, please contact Optima on 020 8445 6700 and we can set one up for you.

Note: users who do not keep their systems up-to-date, do not utilize security technologies, or click on attachments from unknown senders will continue to be affected by these types of attacks.
