What's old is new again: Spammers revived old schemes in March quarter

Spammers revived some old scams during the first three months of the year to wrap their tentacles around unsuspecting netizens, according to junk mail fighters.

Meanwhile, spam volumes during the time frame remained flat when compared to the previous quarter.

One technique that saw a resurgence during the March quarter was the use of "white text," according to Kaspersky Lab's Q1 2013 Spam Report.


The method embeds random pieces of text in the spam message. The insertions are typically in a light gray font against a gray background and are separated from the main text of the spam ad with a lot of line breaks.

"The scammers expect content-based spam filters to regard these emails as newsletters and, besides, the use of random news fragments makes each email unique and thus difficult to detect," Kaspersky reported.

The technique also exploits the fact that anti-spam solutions are designed to block newer spam tricks instead of older techniques, added Kaspersky senior researcher Roel Schouwenberg. "Their detection rates of spam messages from months or years ago may actually decrease," he said in an email. "This is why we see a resurgence of old techniques occasionally."
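A filter can look for the "white text" layout described above directly, rather than relying on the wording of the message. The following Python sketch is an added example, not code from Kaspersky or the article; the 1.5 contrast threshold, the sample HTML and all names are assumptions, and it only understands `#rrggbb` colours on well-nested tags.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag
SAMPLE = ('<body bgcolor="#cccccc"><p>Buy now</p>' + "<br>" * 6 +  # constructed
          '<span style="color:#d0d0d0">Council approves road budget</span></body>')

def rgb(value):  # '#rrggbb' -> (r, g, b) as 0..1 floats; None for anything else
    m = re.fullmatch(r"#([0-9a-f]{6})", (value or "").strip().lower())
    return tuple(int(m.group(1)[i:i + 2], 16) / 255 for i in (0, 2, 4)) if m else None

def luminance(c):  # WCAG relative luminance of an sRGB colour
    lin = [v / 12.92 if v <= 0.03928 else ((v + 0.055) / 1.055) ** 2.4 for v in c]
    return 0.2126 * lin[0] + 0.7152 * lin[1] + 0.0722 * lin[2]

def contrast(fg, bg):  # WCAG contrast ratio: 1.0 (identical) up to 21.0
    lo, hi = sorted((luminance(fg), luminance(bg)))
    return (hi + 0.05) / (lo + 0.05)

class HiddenTextFinder(HTMLParser):
    def __init__(self, max_ratio=1.5):  # threshold is an assumption
        super().__init__()
        self.max_ratio, self.breaks, self.hits = max_ratio, 0, []
        self.stack = [((0.0, 0.0, 0.0), (1.0, 1.0, 1.0))]  # default: black on white
    def handle_starttag(self, tag, attrs):
        self.breaks += tag == "br"  # length of the run of line breaks
        if tag in VOID:
            return
        a, (fg, bg) = dict(attrs), self.stack[-1]
        style = a.get("style") or ""
        m = re.search(r"(?<![-\w])color\s*:\s*(#[0-9a-f]+)", style, re.I)
        fg = rgb(m.group(1) if m else a.get("color")) or fg
        m = re.search(r"background(?:-color)?\s*:\s*(#[0-9a-f]+)", style, re.I)
        bg = rgb(m.group(1) if m else a.get("bgcolor")) or bg
        self.stack.append((fg, bg))  # children inherit both colours
    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()
    def handle_data(self, data):
        if data.strip():
            ratio = contrast(*self.stack[-1])
            if ratio <= self.max_ratio:  # effectively invisible to a reader
                self.hits.append((data.strip(), round(ratio, 2), self.breaks))
            self.breaks = 0

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    return finder.hits
```

Each hit is a tuple of the hidden text, its contrast ratio against the background, and the number of `<br>` tags that preceded it, so a scoring rule can weigh near-invisible text that follows a long run of line breaks more heavily.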

Record performance by the Dow Jones Industrial Average appeared to put new life into "pump and dump" schemes during the quarter. In that scam, an online grifter will buy some "penny stocks" and flood the Net with spam about what a great investment the stock is. The idea is to get investors to buy the stock and send its price higher.

"People do respond to these things and pump the price up," Troy Gill, a senior security analyst with AppRiver, said in an interview. "If it goes up just 10 cents, these guys can make a pretty decent margin."

"That's something we used to see a lot of in 2008-2009," he added. "We really didn't see much of it for a long time, but it's been happening quite a bit this year."

In the SMS spam sphere, another old standby has shown some growth over the last two quarters: work-at-home scams. "We're seeing it in email as well," Andrew Conway, a threat researcher with Cloudmark, said in an interview.

The scam is primarily used to recruit money mules, he explained. After being recruited through a spam message, the "mule" is told they'll receive a sum of money in their bank account -- typically under $10,000 to avoid being flagged for federal regulators. The mule then wires the money -- minus a handling fee of eight percent or so -- to an offshore spammer.

In April, 96 money mules were used to fleece a hospital in Washington state of $1 million. The attack could have been worse, but the attackers ran out of money mules to launder the money, according to cyber security columnist Brian Krebs.

"Coincidently with that attack, we saw an uptick in both SMS and email spam trying to increase money mules," Conway said.

A more recent spam trend involved the use of links to brand-name services to obfuscate malicious links, Kaspersky reported. The malicious link is masked by two legitimate ones, with spammers using the Yahoo URL shortening service and then processing the subsequent link through Google Translate.

The combination of these techniques makes each link in the mass mailing unique. In addition, use of the two well-known domains adds "credibility" to the links in the eyes of the recipient.

"These are legitimate services," Schouwenberg said. "So the domains themselves are trusted, even if the ultimate URL shouldn't be."

"For anti-spam solutions that don't perform any deep analysis, it will look like these messages are clean," he added.
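The "deep analysis" in question starts with peeling the trusted wrappers off a link before judging it. The Python sketch below is an added example, not code from Kaspersky or the article; the host names, the `u` query parameter, the sample URL and all function names are assumptions about how the two services are addressed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions: wrapper hosts and the query parameter that carries the inner URL.
WRAPPERS = {"translate.google.com": ("u",)}
# Assumption: hosts that only redirect, so the real target is still unknown.
SHORTENERS = {"y.ahoo.it"}

# Constructed sample link in the layered form the report describes.
SAMPLE = ("http://translate.google.com/translate?sl=auto&tl=en"
          "&u=http%3A%2F%2Fy.ahoo.it%2FEXAMPLE")

def unwrap(url, max_depth=5):
    """Return the chain of URLs found by peeling known wrapper services."""
    chain = [url]
    for _ in range(max_depth):            # bounded, so nesting cannot loop forever
        parts = urlsplit(chain[-1])
        query = parse_qs(parts.query)     # also percent-decodes the values
        params = WRAPPERS.get(parts.hostname or "", ())
        inner = next((query[p][0] for p in params if p in query), None)
        if inner is None:
            break
        if "://" not in inner:            # wrappers accept scheme-less targets
            inner = "http://" + inner
        chain.append(inner)
    return chain

def assess(url):
    """Describe what a filter should judge instead of the visible host."""
    chain = unwrap(url)
    innermost = urlsplit(chain[-1]).hostname or ""
    return {
        "visible_host": urlsplit(url).hostname,
        "chain": chain,
        "innermost_host": innermost,
        "wrapped": len(chain) > 1,
        # True means reputation must be checked on the redirect target,
        # which has to be resolved in a sandboxed fetcher, not guessed.
        "needs_redirect_resolution": innermost in SHORTENERS,
    }
```

A filter that scores only `visible_host` sees a trusted domain for the sample link; scoring `innermost_host`, and resolving it when `needs_redirect_resolution` is set, moves the verdict to the URL the recipient would actually reach.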

Kaspersky also noted that spam volumes were flat during the quarter, increasing just over half of a percentage point over the previous quarter. On average, it noted, 66.55% of the email on the Internet on a daily basis during the time frame was spam.

"The percentage of spam in email has slowly been declining," Schouwenberg said. "It's unlikely that trend will suddenly reverse."
