Spam More Creative, Better Targeted

Symantec Corp.’s latest report shows increasing sophistication and volume of unsolicited e-mail

Thirty years after the first unsolicited e-mail advertisementwas sent, the phenomenon now known as spam is continuing to grow --and becoming more sophisticated, creative and malicious.

Spammers are now “subpoenaing” their victims withofficial-looking court documents, inviting them to schedulemeetings on their Outlook calendars and offering to put them inmovies, according to Symantec Corp.’s monthly “State ofSpam” report for May.

“During the month of April, 80 percent of all e-mail wasspam, with that number jumping as high as 87 percent attimes,” the antivirus and online security company reported.Those figures are based on Simple Mail Transfer Protocol-layerfiltering at the e-mail gateway and do not reflect the volumes ofspam detected at the network layer.

Although any unsolicited and unwanted commercial e-mail can beconsidered spam, a growing amount of it is fraudulent or otherwisemalicious. A growing concern is the practice known as phishing,which uses a variety of e-mail baits to lure victims into providingpersonal information or downloading malicious software that cansteal the information. A subset known as spear phishing is, as thename implies, a targeted attack aimed at specific individuals.

In April, Symantec found an example of spear phishing thatappears to be an e-mail notice of a federal subpoena from a U.S.District Court advising that the recipient is “commanded toappear” before a grand jury and giving a courthouse address.The notice also contains a link for downloading the full subpoena,which actually downloads and installs a keystroke-logging Trojan onthe victim’s computer.

A new wrinkle in the now notorious Nigerian financial scam isthe Outlook calendar invitation sent by e-mail. The sender wants toset up a date for paying $106 for the delivery of a packagecontaining $850,000. The sender cautions, “Don’t bedeceived by anybody to pay any other money except US$106.00.”Good advice, as far as it goes.

Instant messaging is also being used as phishing bait. A spame-mail advertises an online service that will let you find outwhich recipients are blocking your messages. All you have to do isvisit the Web site and enter your user name and password.

As it should be needless to say, the U.S. Courts do not issueonline subpoenas, it us unlikely that any Nigerian strangers wantto send you money, and if anyone asks you for a user name andpassword from another account, just say no.

-- William Jackson