ATLANTA -- Email and Internet content security provider Marshal today warned of the emergence of three new forms of spam. The first is a new run of greeting card spam targeting major holidays; the second is disguised as an Adobe Picture Document Format (PDF) attachment; and the third is a new form of spam labelled Piggyback Spam.
The Marshal TRACE (Threat Research and Content Engineering) team has identified a new run of Greeting Card spam that invites recipients to retrieve a greeting card. The recipient is asked to click on a web link in the message to access their greeting card. By doing so, they expose themselves to vulnerability exploits and an executable file named ecard.exe. This is in reality a copy of the Storm Trojan, which compromises the user's PC and merges it into a botnet, a network of computers that can be commandeered remotely by a controlling server.
"We all enjoy receiving messages on special days like Valentine's Day and Christmas. On these days our guard comes down and we sometimes open messages that we would otherwise treat with caution on any other day. The spammers and virus writers know this so they use events and holidays like the recent Fourth of July holiday to try and catch people off guard," said Bradley Anstis, Director of Product Management for Marshal.
The PDF spam takes on the appearance of a legitimate business email containing an attached PDF file. The PDF features the file name "username_report.pdf", where the username in the file name is the same as the email recipient's name (taken from the recipient's email address). The personalization of the attachment file name makes it appear more legitimate.
"Spammers are struggling to find ways to fool spam filters and get their messages into people's inboxes," said Anstis. "Using a PDF file as the vehicle for the spam message is an attempt to do just that, as spammers believe that many anti-spam solutions largely ignore PDF files."
According to Anstis, spammers avoided this kind of spamming method in the past because attaching large file types like PDFs greatly increased the size of the message. Now with the widespread use of zombie networks and spambots, the spammers are less concerned with the size of the message. The spammers have tens of thousands of infected computers at their command and are able to move large volumes of this spam type.
Piggyback Spam contains typical product advertising messages. However, what is unusual is that a URL link also appears within the message which links to a malicious executable file. If users click the link they are prompted to download a file, which, if executed, will lead to further installation of malware such as key logging programs or spambot software onto their computers.
"In the past, we have seen spam containing embedded links which pull down malicious files," said Anstis. "These messages are specifically designed to trick end users into downloading and installing a file. What is unusual with Piggyback Spam is the link to the malicious file is unrelated to the spam content; it is not integral to the main message. Rather, the links are inserted in odd places and essentially hitch a ride or 'piggyback' on otherwise normal spam messages."