Marshal Warns of New Spam Tactics

Email and Internet content security provider, Marshal, warned of the emergence of three new forms of spam

ATLANTA -- Email and Internet content security provider, Marshal, today warned of the emergence of three new forms of spam. The first is a new run of greeting card spam targeting major holidays; the second is disguised as an Adobe Portable Document Format (PDF) attachment; and the third is a new form of spam labelled Piggyback Spam.

E-Greeting Cards

The Marshal TRACE (Threat Research and Content Engineering) team has identified a new run of Greeting Card spam that invites recipients to retrieve a greeting card. The recipient is asked to click on a web link in the message to access their greeting card. By doing so, they expose themselves to vulnerability exploits and an executable file named “ecard.exe.” This is in reality a copy of the Storm Trojan, which compromises the user’s PC and merges it into a botnet – a network of computers that can be commandeered remotely by a controlling server.

“We all enjoy receiving messages on special days like Valentine’s Day and Christmas. On these days our guard comes down and we sometimes open messages that we would otherwise treat with caution on any other day. The spammers and virus writers know this so they use events and holidays like the recent Fourth of July holiday to try and catch people off guard,” said Bradley Anstis, Director of Product Management for Marshal.

PDF Spam

The PDF spam takes on the appearance of a legitimate business email containing an attached PDF file. The PDF features the file name ‘username_report.pdf’ – the username in the file name is the same as the email recipient’s name (taken from the recipient’s email address). The personalization of the attachment file name makes it appear more legitimate.

“Spammers are struggling to find ways to fool spam filters and get their messages into people’s inboxes,” said Anstis. “Using a PDF file as the vehicle for the spam message is an attempt to do just that, as spammers believe that many anti-spam solutions largely ignore PDF files.”

According to Anstis, spammers avoided this kind of spamming method in the past because attaching large file types like PDFs greatly increased the size of the message. Now with the widespread use of zombie networks and spambots, the spammers are less concerned with the size of the message. The spammers have tens of thousands of infected computers at their command and are able to move large volumes of this spam type.

Piggyback Spam

This new spam contains typical product advertising messages. What is unusual is that the message also contains a URL that links to a malicious executable file. Users who click the link are prompted to download a file which, if executed, leads to further installation of malware such as key logging programs or spambot software on their computers.

“In the past, we have seen spam containing embedded links which pull down malicious files,” said Anstis. “These messages are specifically designed to trick end users into downloading and installing a file. What is unusual with Piggyback Spam is the link to the malicious file is unrelated to the spam content – it is not integral to the main message. Rather, the links are inserted in odd places and essentially hitch a ride or ‘piggyback’ on otherwise normal spam messages.”

Marshal Inc.
