Swine Flu Spam Spikes In May: McAfee

Swine flu spam was the attack du jour in May for spammers, who sent more than 5 billion swine flu spam messages a day in just six days, according to a McAfee June 2009 spam report released Monday.

According to the report, swine flu spam represented 3 percent of all spam in May, jumping from nonexistence to record levels as spammers capitalized on the pandemic scare with messages that offered everything from government-issued health alerts to life-saving drugs. However, the report found that many sites that used swine flu in the subject line to lure users were found to be generic Canadian pharmacy Web sites soliciting genital-enhancement products.

Perhaps not surprising, pharmaceutical spam experienced a sharp increase and maintained a solid lead throughout March, the McAfee report said. And while the Internet worm Conficker did not directly distribute spam, numerous spam campaigns emerged following the high-profile, well-publicized Conficker update scheduled for April 1. Spam volumes nearly doubled between April 1 and April 8, moving from a three-month low to a four-month high during that time.

Some of the biggest spam campaigns included tax scams and enhancement drugs offered via image spam, in which researchers found an attached image and a reference to a Chinese Web site for purchasing enlargement pharmaceuticals.

Swine flu spam propelled the existing trend known as headline spam, which uses high-profile news headlines as a hook to lure curious or fearful users to click on malicious links or view malicious videos. Often, the headlines in the subject lines are sensationalized or capitalize on users' fears.

The McAfee report also indicated the increase of spam messages that impersonated the look and feel of social networking sites such as Facebook. McAfee researchers reported an upward trend of Classmates.com spam, which emerged during the last week of February, and then spiked rapidly upward throughout the first week in March. The wave of Classmates.com spam coincided with an actual Classmates.com marketing campaign.

Meanwhile, users also were pummeled with a barrage of Facebook spam throughout March, according to the report. In both attacks, users were directed to click on a link that claimed to be a "FlashPlayer Installer," but in actuality downloaded information-stealing malware on users' computers.

The Classmates.com and Facebook attacks are part of an existing spam trend known as "branding," which uses well-known or "branded" names to entice users to click without looking further to determine if the messages are legitimate.

And exploiting users' annoyance with spam, more spam included "unsubscribe" links that in actuality were designed to steal users' login information or bring them to malicious Web sites to download malware, the report stated.

Adam Wosotowsky, principal engineer for the McAfee Avert Labs tactical response team, warned users that spam campaigns have become more sophisticated, as attackers compromise accounts and capitalize on well-branded news sources to appear legitimate. "More people are falling victim as clever spammers hijack popular brands to trick users into divulging sensitive information or opening up their computers to attack," he said in a statement.

Meanwhile, not all spam trends were up. Obama spam, which skyrocketed after the November election, plummeted by 90 percent to record lows following the January inauguration.