Computer Crime Research Center


Geek spam

Date: October 02, 2006

MessageLabs, a leading provider of integrated messaging and web security services to businesses worldwide, today announced the results of its MessageLabs Intelligence Report for September and the third quarter of 2006. In this expanded report, MessageLabs observed the adoption of new spam techniques to circumvent traditional IT security and the sharp increase in phishing attacks which accounted for more than half of all the malicious emails intercepted by MessageLabs in September.

In recent weeks MessageLabs has noticed an increase in the number of spam emails that are specifically targeting individuals within the technology sector by using social engineering techniques. Called “geek spam,” this type of spam includes technology-related keywords within the email to dupe recipients into believing that the spam is actually something more relevant, such as a bug report. This targeted approach using hidden keywords can help to pollute the Bayesian filters often used by technology professionals. The use of technology buzzwords, such as .NET, cpan, xss and Java, hidden inside the body of the spam can ensure that the mail looks convincing enough for limited anti-spam software to allow it through.

“Cyber-criminals continue to seek new and more subversive means to launch their attacks. Geek spam is yet another way that the bad guys are evolving their methods and we expect to see an increase in other similarly targeted spam, such as accountants and by using financial terminology,” said Mark Sunner, chief technology officer, MessageLabs. “When you couple this with the continuing escalation in phishing attacks and an augmented focus on banks who have not adopted new security technology, the end user is increasingly more exposed to complex and well engineered attacks.”

MessageLabs research has also shown that phishing attacks continue to become more targeted as more criminal groups shift their attention from creating malware to conducting such attacks. The focus of these attacks has changed in recent months to banking organisations that have not deployed any two-factor authentication security measures. The unilateral approach undertaken by some banks has indirectly resulted in a huge increase in phishing attacks directed against those banks still investigating such technology. Banking organisations with this technology are still being attacked but on a much lesser scale. These increased attacks are perhaps a prelude to the imminent release of Microsoft Internet Explorer 7.0, which will include additional anti-phishing countermeasures
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo