Expert spammers love a challenge, so they've decided to take on the world's most unlikely victims: the IT staff itself.
Researchers at MessageLabs Ltd. , a messaging security vendor, say they have detected a new form of spam that attempts to hide itself from content filters and human recognition by masquerading as legitimate email among IT staff.
The new spam messages include words and phrases such as ".NET," "XSS," or trouble ticket numbers that simultaneously avoid Baysian content filters and trick IT staffers into opening it.
"With words and phrases like that, a message is much more likely to be scored as non-spam by a content filter, and the subject lines are socially engineered to make an IT staffer believe they are legitimate," says Matt Sergeant, senior anti-spam technologist at MessageLabs.
The spam, which was likely created by top spam minds in Russia, creates an ironic twist: IT staffers falling for the same spam they always warn users not to open, Sergeant notes.
MessageLabs expects the spammers to expand their exploits to other industries, such as accounting or legal firms, using vertical jargon to fool content filters while making their messages seem more legitimate.
This approach could cause a lot of trouble for so-called "learning" content filters that pick up common terminology to help classify non-spam, Sergeant observes. "If this keeps up, the content filter could start scoring non-spam as spam," he says.
To avoid the problem, Sergeant advises companies to approach spam with filters that use more than one screening technique, avoiding sole reliance on Baysian or learning filters.
Tim Wilson, Site Editor, Dark Reading
Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio