Lovely Lena’s hot stock spam


This article was submitted by John Sparry.

Whoever said the life of a spammer was an easy one? First you’ve got to hack into and install malware on lots of laptops and personal computers without their owners finding out. This is to create a botnet – that is, a field of drone computers used to send millions of spam messages out over the internet.

Then you’ve got to stay ahead of everyone and everything in place to stop you. One set of obstacles is the filters that scan email messages before passing them on to the intended recipients. Some are easy to fool, while others are constantly being updated and refined to weed out the cleverest of new spam techniques.

Once a message is identified as spam, its components are analyzed and the overall message signature is saved to reference against future email. The next time a message with the same signature is identified, it can be blocked.

Barracuda Labs honeypots recently captured a large influx of spam designed to get around message signature matching. The messages originated from botnets that dynamically created variants of the original spam, giving each a different signature. The examples below are three of the dozens of variants.

This first message attempts to convince the recipient to reply by email. The goal may be as simple as collecting quality addresses to sell or keep on hand for future spam or malware campaigns. It could also be to start a conversation and eventually persuade the target to give or loan their hard-earned money to the fictional “Ellena”.

Compare this one with the message below.

They are basically the same message with slight changes in wording, and “Ellena” is now “Lena”. The sender hopes that if the first message was classified as spam, this one will be different enough to sneak by. However, both of these have the same call to action: they want people to email [email protected]. In spite of the change in wording, an email address common to multiple spam messages would quickly show up as a red flag. An adjustment has been made to the next message to account for this.

A new email address is used and again the wording is somewhat different.

Of course, there is a problem with all three emails. The subjects have nothing to do with the content of the message bodies. It’s much less likely that anyone will believe Lena’s flirty message is legitimate when the subject advertises a great stock deal.

The botnet responsible for sending the spam is also likely configured to create them in real time. A simple script randomly matching subjects with various message bodies is capable of spitting out hundreds or even thousands of differing messages in no time at all. Fortunately for any recipients, a mistake was made and the wrong list of subjects was used.
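The following sketch is an added example, not Barracuda's filter code. It shows why an exact whole-message signature misses the three variants described above, while a shared call-to-action address or word-shingle overlap still ties them together. The message bodies are constructed stand-ins for the originals, the addresses are placeholders, and the 0.3 threshold is an assumption.

```python
import hashlib
import re

# Constructed sample bodies standing in for the three variants;
# the addresses are placeholders, not the ones used in the campaign.
VARIANTS = [
    "Hi, my name is Ellena. I saw your profile and would like to get to know you. "
    "Please write to me at ellena@example.com and I will send you my photos.",
    "Hello, my name is Lena. I saw your profile and would love to get to know you. "
    "Please write to me at ellena@example.com and I will send you some photos.",
    "Hello there, my name is Lena. I saw your profile and would love to get to know you better. "
    "Please write to me at lena@example.net and I will send you some photos.",
]
UNRELATED = "The quarterly maintenance window is Saturday at 02:00. Contact it@example.org with questions."

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def exact_signature(body):
    """Whole-message hash: any wording change produces a new signature."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def contact_addresses(body):
    """Call-to-action addresses found in the body, lower-cased."""
    return {a.lower() for a in ADDR_RE.findall(body)}

def shingles(body, k=3):
    """k-word shingles with addresses masked, so a swapped address does not hide reuse."""
    words = re.findall(r"[a-z0-9<>']+", ADDR_RE.sub("<addr>", body).lower())
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}

def similarity(a, b):
    """Jaccard similarity of the two bodies' shingle sets (0.0 to 1.0)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0

def same_campaign(a, b, threshold=0.3):
    """Link two messages if they share a contact address or enough wording."""
    return bool(contact_addresses(a) & contact_addresses(b)) or similarity(a, b) >= threshold

if __name__ == "__main__":
    print("distinct exact signatures:", len({exact_signature(v) for v in VARIANTS}))
    for i in range(len(VARIANTS)):
        for j in range(i + 1, len(VARIANTS)):
            a, b = VARIANTS[i], VARIANTS[j]
            print(i + 1, j + 1, "shared address:", bool(contact_addresses(a) & contact_addresses(b)),
                  "similarity: %.2f" % similarity(a, b), "linked:", same_campaign(a, b))
```

The third variant shares no address with the first two, so it is linked only by its wording overlap.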

The above messages were part of a large spam attack that quickly began to fade in intensity. Perhaps the spammers realized their mistake and are actively retooling for another try. A spammer’s lot may not be an easy one, but there are a lot of them who are always working to bypass any and all security measures.

Barracuda works around the clock to protect customers from spam and malware in all its forms. You can get more information on Barracuda Security products on our Barracuda product page.
