Spam Hidden in Email Newsletters
Spammers are now using 'wait and switch' techniques with templates of your favorite newsletters served with a spam popup
January 16, 2007
Careful what you read -- spammers are now hijacking legitimate newsletters and electronic advertisements from big-name brands such as the NFL, Amazon, Wal-Mart, eBay, ESPN, US Airways, Kohls, Verizon, and 1-800-Flowers.
"They are trying to mimic a legitimate newsletter as closely as possible, by inserting a single image or a link to one," says Doug Bowers, senior director of anti-abuse engineering at Symantec, which has been closely tracking this growing spamming trend during the past month.
Bowers says he and his colleagues don't have any data on the spammers compromising any machines, but it appears they are using templates to mimic the exact format of these newsletters or e-advertisements. "It seems to be a combination of techniques to sneak through a filter, identifying it as legitimate to confuse the user." Many of the infected newsletters Symantec researchers found read normally at first, and then suddenly pop up with a spammed image.
"One of our researchers calls this 'wait and switch,' where it appears you are looking at a newsletter, but then another [item] appears a few seconds later," he says. One spammed newsletter, for instance, looked exactly like the NFL's fantasy football report -- until, a few seconds later, an ad selling various prescription drugs showed up on the same page.
It's a new spin on an old trick. In the early days of spam, newsletters and e-zines were used frequently by spammers -- and then were often blocked by spam filters, causing an uproar among organizations that couldn't send or receive these communiqués. Spam filtering software responded with fewer false positives, but now may have to raise the bar again to block this new generation of spam -- without hurting "real" newsletters and ads.
Bowers says he and other Symantec researchers have not yet seen any malware contained in the spam messages, but that's something they will continue to evaluate. "The examples we've seen are more product promotion... trying to get their message displayed."
It's a pretty obvious clue that the newsletter or ad is compromised when you see a Viagra advertisement pop up on your 1-800-Flowers email ad, but these spammers aren't necessarily trying to remain inconspicuous. "It comes back to a profit motive." Some may be testing the waters to see if it's an effective ploy that dupes enough users to make a little money, and if so, they would increase the volume of their spam, he says.
The best defense against this new exploit for now is to run strong spam filtering software, and to be aware of the latest scams, Bowers says. "This is a technique we are going to continue monitoring in the coming months."
— Kelly Jackson Higgins, Senior Editor, Dark Reading