SurfControl Reports New Spam Scams
New schemes tempt users with Olympic Medals, Google Toolbars, and use graphics to hide from anti-spam engines.
SurfControl technical researchers reported a fresh rash of spam scams in August that use new techniques and current events to dupe computer users. Google's IPO and the Olympics are being used as bait to lure users into clicking through to new scams.
- Strengthen Organizational Agility with the Latest Advances in Case Management
- Accelerate Agility Now: WebSphere Application Server v8.5.5 Overview
- Altair Speeds Complex Simulation and Workload Management with the Intel' Xeon Phi Coprocessor
- How Virtualization is Key to Managing Risk
The Scotts Valley, Calif.-based anti-spam company found one scam that asks users to download the latest Google Toolbar, saying that it will stop popups and spyware. SurfControl technical staff says that the downloaded program has all the signs of a "serious virus-infected" file. Warning signs are all over the messages, including the fact that it is sent from an individual, and that the link is not only not Google's, but includes an IP address used for other scams.
A second spam scam avoids CAN-SPAM by using subject lines such as "Olympic Games" and "Olympic Medals" and "Athens 2004", and appearing to offer medal tallies. The message sponsor turned out to be an old-line Viagra sales site.
Another newly popular trick is to embed images into messages rather than HTML coding, which allows spammers to evade spam protections that rely on scanning HTML-based graphics, such as Outlook 2003. It appeared frequently this week in a spoof using U.S. Bank as part of a phishing scam as well as another selling sexual enhancement drugs. The technique also evades text-scanning anti-spam systems.
SurfControl vice president Susan Larson isn't surprised by the new schemes. "There is greater awareness of spam, so the spammers have to constantly create new techniques to trick end users," she said, "and companies need to be on the lookout for the new stuff."