Spammers gatecrash G20 summit
Spammers gatecrash G20 summit
April 30, 2009:The G20 summit held in April in London was the subject for a rise in targeted malware attacks, according to the April 2009 MessageLabs Intelligence Report. In addition, the number of malicious websites intercepted per day continued to increase significantly, taking the average number of intercepted each day to 3561.
The G20 summit was the subject of intense global media attention and also the subject for a rise in targeted malware attacks over the last two months, peaking in early April. On average in 2008 the number of such attacks was approximately 53 per day, rising to around 60 per day in Q1 2009. In the run-up to the G20 summit held in London on April 2, and the days following, the number rose to approximately 100 per day.
The recipients of these attacks included financial organisations, including individuals from some of the central banks involved with the G20. The email included a PDF attachment, which if opened would cause a Trojandownloader to be installed and executed. This would then download further spyware components onto the target computer. It was noted that some attacks were crafted as replies to actual non-malicious emails, indicating that at least one of the recipients had already been infected.
“The economic crisis is front of mind for many people, cyber criminals included,” said Wood. “With recession-related spam and phishing attacks already appearing this year, it was just a matter of time before other fraudsters got in on the act. Consumers need to increase their online vigilance in such testing times.”“Image spam was a phenomena that peaked in 2007, and now we see spammers recycling their techniques in the hope of repeating history,” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. “Unfortunately for the spammers, the good guys are ready for the next bout of image spam and the cyber criminals have had to significantly revamp their tactics in order to put up a good fight.”
Previously image spam involved emails containing attachments, such as .gif or .jpg that contained the spam content. However, today these images are now being hosted on trustworthy hosting sites, whilst taking advantage of redirection links from reputable sites in order to obfuscate the true location of the image hosting. This is a technique employed byspammers to evade spam filters that examine the domains of the hyperlinks contained in the email, in order to make a judgment about the nature of that domain and the likelihood that it is a spam message.
Other techniques used to evade detection include containing some standard email text, such as unsubscribe opt-outs and privacy links, designed to make the overall appearance seem legitimate and compliant with legislation such as CAN-SPAM in the US. Including randomised words within the content of the message in order to evade spam fingerprinting techniques and the use of HTML style tags to hide random text are other frequently used tactics.
The full report is available at http://www.messagelabs.com/intelligence.aspx.