8 Hot Summer Spam Trends

You know it every time you open your inbox -- spam is here to stay. No doubt, spammers are refining their strategies, and become more successful than ever. In the past 18 months, spam levels have risen exponentially, now conservatively representing at least 80 percent of all e-mail messages.

How can that be, you ask. How can people still fall for the same old tricks? Whatever the reason, spam works. And it works well. If it didn't spammers would give up and (presumably) pursue other endeavors.

The following Symantec July 2008 State of Spam Report follows some of the most salient spam trends you'll see out there.

Congruent with past trends, spam offering a wide range of products and services -- such a devices, clothing, makeup, etc. -- comprised the largest category, followed by financial spam that contained references or offers related to money, the stock market and other financial "opportunities." Meanwhile Internet spam came in third place, defined as attacks specifically advertising internet or computer related goods and services.

At first glance, it looks like your typical Nigerian 419 scam. The twist is that the e-mail comes from what appears to be a trusted source after a hacker hijacked someone else's account and sent the spam e-mail message to the victim's personal contact list. Friends of the victim were urged to respond quickly via e-mail. The hacker was also sure to include the victim's signature at the bottom, in a seemingly convincing proof of identity.

In this particular case, the hacker was able to obtain the victim's online auction site once the miscreant had access to the victim's e-mail account. He/she then began bidding on a number of laptops sold in the U.K. and instructed that they be redirected to Nigeria.

Security experts say that this type of scam is hardly an isolated incident, especially as hackers develop more sophisticated techniques to spoof accounts and obtain passwords and other personal information.

In June, Symantec researchers observed that certain spammers had refined techniques to simplify their e-mail harvesting process to get a guaranteed hit list full of bona-fide e-mail addresses. Methods for this kind of rapid acquisition include creating and sending spambots that crawl the Internet looking for e-mail addresses. Spammers lately have bombarded an e-mail server with addresses and then stored those that don't bounce. They have also obtained addresses by purchasing entire lists from other spammers or criminal organizations.

However they're obtained, these lists guarantee that spammers can send messages freely, without having to worry about being caught in spam traps or being blocked by those pesky spam filters.

In years past, Japanese dating spam was like most other dating spam (er, we've heard). It contained a suspicious URL in the body of the e-mail message rerouting victims to another site. However, the new version of Japanese dating spam does not contain a link but instead two keywords. The attacker then requests that the victims use the keywords to search for the dating site on the Internet. The keywords also happen to request personal information about the user, such as hometown and user profile, providing the attacker with more information that can potentially be used in identity theft.

Whenever tragedy strikes, spam is sure to follow. This spam follows recent trends that capitalize on, and exploit, tragedies or high profile media events, to entice people to click on links and visit malicious Web sites. This message uses the Chinese earthquake tragedy to further a virus -- with the subject lines that emulate news headlines.

There is even one headline informing readers that the Chinese Olympic Games might be endangered because of the earthquake. A single URL is contained in the body of the message, which, when opened, displays an image appearing to be a video screen. However, instead of a news report, the user is treated to a malicious executable file that is silently installed on their computer. The executable, in actuality, is a version of the Storm worm known as Trojan.Peacom.D, a malicious bot that downloads information-stealing code on affected PCs.



While the Chinese earthquake tragedy is currently the headline du jour, spammers and cyber attackers consistently use on large-scale events as the bait to drive significant traffic to their infected links.

With all the lottery scams out there, many people still want to believe that they have won some kind of lottery or prize drawing (even if they don't remember playing.) Last month, researchers detected numerous scams appearing to be from the Beijing Olympic Committee, allegedly announcing recent winners of the lottery for an Olympic promotion.



While in general attachment spam is dissipating, some of it is still very much alive. This attachment informs "recipients" that they have won a random drawing selected from a list of e-mail addresses. However, in order to claim their prize, they need to respond via e-mail -- as well as submit personal information that can later be used for identity theft or sold to a criminal underground network. As the summer Olympics heat up, be prepared to see a barrage of Olympic-related spam.

Thought you could get away from spam by sending messages from your smart phone? Mobile phone spam is not new, but it seemed to experience a revival last month, researchers said. In many countries, especially Japan, smart phones and other mobile devices are frequently used for a variety of functions -- including e-mail. Not surprisingly, spammers are targeting mobile phones en masse, offering everything from porn, to products to adult dating services.



Some of the recent spam is specifically formatted for the mobile device and contains links for mobile users to access. Additionally, the URL is designed with a certain look, height and width so it can be visible on a small screen. As people increasingly turn to their mobile phone to perform laptop functions, spammers will be waiting.

It has long been established that spammers exploit popular media headlines to accelerate the distribution of their messages. And when that doesn't seem to work, spammers make it up. (Yeah, hard to believe, eh?)

Tried and true, spammers will often send bogus, but enticing, news headlines to lure users to blindly click on the messages or the infected links. Some of the recently discovered phony subject headlines included:



White House Hit By Lightning, Catches Fire

Latest! Obama Quits Presidential Race

Egypt Giza Pyramids Rocked By Massive Earthquake

Great Wall of China Damaged By Earthquake

Oprah Found Sleeping the Streets

Donald Trump Missing, Feared Kidnapped

Eiffel Tower Suffers Structural Damage, Collapse Possible



Of course, these eye-catching headlines are meant to, well, catch your eye. But only so you can open their spammy e-mail messages and click on their malware.