BitDefender points out a new mix of spam techniques

October 2008


Sex Life Improvement Drugs Kill E-mail Inbox- spammers trick users into confirming the validity of their e-mail addresses


<a href="http" _cke_saved_href="http" www.bitdefender.com"="" target="_blank">BitDefenderО©╫</a> researchers have detected a new wave of <b><a href="http://www.malwarecity.com/site/Main/listDictionary/S/#spam" _cke_saved_href="http://www.malwarecity.com/site/Main/listDictionary/S/#spam" target="_blank">spam</a></b> messages advertising medication for sex life improvement, such as male enhancement drugs. The novelty of this spam campaign resides both on its amplitude and on the mix of delivery confirmations the unsolicited e-mails request. The first technique seeks to exploit a common feature in most e-mail clients О©╫ read receipts or notifications. Under normal circumstances, a read receipt confirms the user has received and read the message. When related to bulk mail, a read receipt proves that the userО©╫s e-mail address is valid and active.</p> <center><a href="http://www.bitdefender.com/files/News/img/00_Confirmation_Spam.png" _cke_saved_href="http://www.bitdefender.com/files/News/img/00_Confirmation_Spam.png" target="_blank"><img src="http://www.bitdefender.com/files/News/img/Confirmation_Spam_oos.jpg" _cke_saved_src="http://www.bitdefender.com/files/News/img/Confirmation_Spam_oos.jpg"></a></center> <p>If the user discovers the trick and does not send the read receipt, there is, however, a secondary layer of confirmation techniques that spammers added: the reference to a remotely stored image. E-mail clients traditionally block this type of content. To see it, users should allow the image to load and thus to confirm they read the message.</p> <center><a href="http://www.bitdefender.com/files/News/img/01_Confirmation_Spam.png" _cke_saved_href="http://www.bitdefender.com/files/News/img/01_Confirmation_Spam.png" target="_blank"><img src="http://www.bitdefender.com/files/News/img/Confirmation_Spam_01s.jpg" _cke_saved_src="http://www.bitdefender.com/files/News/img/Confirmation_Spam_01s.jpg"></a></center> <p>Last but not least, if the previous two confirmation schemes fail, the third layer should be effective, especially when the users realize they have been duped and are not aware of the О©╫classicО©╫ unsubscribe or opt-out scam. The alleged opt-out links do not unsubscribe the recipient from the mailing list, but confirm his or her address is fully functional and ready to get even more spam.</p> <center><a href="http://www.bitdefender.com/files/News/img/02_Confirmation_Spam.png" _cke_saved_href="http://www.bitdefender.com/files/News/img/02_Confirmation_Spam.png" target="_blank"><img src="http://www.bitdefender.com/files/News/img/Confirmation_Spam_02s.jpg" _cke_saved_src="http://www.bitdefender.com/files/News/img/Confirmation_Spam_02s.jpg"></a></center> <p>To keep a system spam-free, users should adhere to the following guidelines: <b>О©╫ Install, activate and update a reliable anti-malware, anti-spam and anti-phishing security solution. О©╫ Do not enable automatic read receipt expedition in your e-mail client. О©╫ Always delete the spam messages; if you accidentally open them, display the attached images or click links within their corpus you simply indicate your e-mail account is active and available to receive more spam or you may accidentally trigger and install other malware. О©╫ Do not open e-mails and e-mail attachments from senders you do not know. О©╫ Do not open e-mails with odd entries in the Subject line. О©╫ Do not click any links indicated in the spam e-mails, including the О©╫unsubscribeО©╫ link; you might trigger other malware and compromise your systemО©╫s security. О©╫ Do not unsubscribe, opt-out or reply to any spam message; you will confirm your e-mail address is active and available for receiving even more unwanted messages. О©╫ When browsing the Internet, do not submit your e-mail address and personal information when requested by suspicious web pages. О©╫ When purchasing goods and services online, refrain from signing-up for any additional service or promotion, as well as other online subscriptions, advertised on the sellerО©╫s website. О©╫ Use at least two e-mail addresses. Create one e-mail account and use it for your correspondence with people you know and a second e-mail account for the websites forms requiring an e-mail address to allow content access. О©╫ Avoid placing your e-mail address on websites, guest books, newsgroups, contact lists, shopping or gift lists.</b> <i>О©╫Users should be aware that without the appropriate security solution the integrity of their systems is at an extremely high risk,О©╫</i> said Vlad Valceanu, head of BitDefenderО©╫s Antispam Research. О©╫To validate the e-mail address means that the user has signed the death sentence of his or her inbox. The next messages the spammers will send could carry a piece of malware that wipes out the hard drive or harvests and sends out sensitive data, like the credit card number the user types when purchasing goods online.О©╫</p><p></p>



Share This ON: