ITBusiness.ca

Spam messages masquerade as Food Network e-mail

Spam e-mail is making a swift rebound since a spam-friendly hosting provider was taken offline just two months ago, in part thanks to a technique that disguises spam as legitimate e-mail marketing messages.

After San Jose, Calif.-based McColo, identified as a major host of organizations engaged in spam activity, was taken offline Nov. 11, there was a dramatic drop in spam levels. Spam fell from levels above 80 per cent of all e-mail messages sent to just 50 per cent, according to security vendor Symantec Corp.

But that dent in the spam market has all but been erased, as levels have now returned to 70 per cent of all e-mail, according to the January “State of Spam” report from Symantec. The vendor conducts its scans at the SMTP layer of e-mail.

“It’s clear spam levels are creeping back up,” says Dermott Harnett, principal analyst of anti-spam engineering for Symantec. “It really shows that the economics behind spam are clear in this day and age.”

Spammers are having no trouble finding new data centres and hosting providers willing to flood their messages across the Internet, Harnett noted. He said spammers are also still making money off of their unwanted e-mail bombardment, so they have a great deal of incentive to continue their activities.

Part of the renewed spam deluge includes a technique that is both effective at bypassing anti-spam filters and harmful to legitimate e-mail marketers. Spammers are stealing e-mail templates from well-known names and brands and using them to disguise their own spam advertisements.

There is nothing affected companies can do to prevent this from happening, according to Peter Firstbrook, research director at analyst firm Gartner Inc. in Stamford, Conn.

“It’s impossible, there’s nothing they can do to stop it,” he says. “We’ll probably see a lot more of this in the future.”

December saw a sharp rise in spam that effectively piggy-backs on legitimate e-mail newsletters. One example cited in the report is a message appearing to be from the Food Network.

The e-mail “Reply to” field makes it appear the message came from the Food Network and the message content contains the network’s official branding and header.

But inserted underneath is a spam advertisement for pharmaceuticals. Clicking on the link will take recipients to a URL of a spammer that promotes various drugs.

“They’re trying to hide behind the reputation of legitimate e-mail senders,” Harnett says. “It’s a re-emerging trend that we’re seeing over the opening days of 2009.”

The method was last popular in December 2006, he adds. It is designed to bypass content-analysis based spam filtering that balances legitimate content against typical spam content to decide if a message should be blocked or not.

Success enjoyed by spammers reveals the weakness of that security approach, Firstbrook says.

“It’s a good way to hide in plain sight,” he says. “The sender can always be spoofed.”

A better method is reputation-based security, the analyst adds. Identifying an IP address from a spam e-mail source and then blocking it is an effective means to stop receiving spam.

Still, that doesn’t give companies whose brands are hijacked by spammers much recourse to recoup the damage to their brand. The Food Network may find itself the recipient of some nasty e-mails complaining about the spam message, for example.

In the absence of any real solutions, companies may have to educate e-mail recipients about what to expect from their e-mails, says David Senf, director of research for Canadian security at Toronto-based analyst firm IDC Canada.

“It’s an evolution from what we’ve seen in the past,” he says. “Initially the attacks were based on a generally well-known brand, and now they are starting to get more specific.”

Legitimate e-mail marketers should always obtain consent from those on their mailing lists, Symantec advises. Then they should inform those users of the types of messages they can expect to see.

Companies can also avoid requesting personal information with URL links in a message. Spammers will often spoof a URL so that a link to a certain address turns out to be something else entirely. So try asking the e-mail recipient to manually type the address into their browser instead.

Other findings in the report included:
