Royal Wedding attended by spammers

24 February 2011

Two months away, the wedding of Prince William and Kate Middleton is already being used by spammers to lure internet users to click through and buy replica goods.

According to Amanda Grady, a principal analyst with Symantec, the most interesting aspect of the Royal Wedding spam seen so far is that it is not loaded with malware, but attempts to sell fake goods.

"Although infected botnet machines are responsible for the vast majority of spam sent globally (77% at the end of 2010), these attacks do not fall in that category, and in fact the IP which is sending the spam is the same as the one hosting the domain which is linked to in the email", she says in her latest security blog.

"This domain has also been used in other spam campaigns, such as the long running Who's Who social networking spam messages. It was registered on February 9, 2011, using Moniker Privacy Services for anonymity, and since then has been used in at least half a million spam emails", she adds.

Dissecting the spam, Grady reports that, if a user clicks on the link in the email, it first redirects to the Lynxtrack.com domain, which checks that the user’s IP address is based in the US, before redirecting to the final destination product site.

The product site, she asserts, was registered much earlier, on December 21, 2010, using a different registration service, indicating that the people behind the site might be purchasing spam services rather than sending it themselves.

The Symantec researcher calls these types of spam attacks 'snowshoe' campaigns, and claims her research teams are seeing at least 350,000 messages a day originating under the scheme.

"As the British Royal wedding gets closer though, we do expect to see it featured in other spam campaigns to attract users' attention or at the very least in scraped news headlines", she says.
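The trait Grady describes, where the IP sending the spam is the same one hosting the linked domain, can be checked mechanically on inbound mail. The sketch below is an added example, not code from Symantec or the original article; the sample message, the `RESOLVED` lookup table (standing in for live or passive DNS) and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message; IPs come from documentation ranges (RFC 5737).
SAMPLE = """\
Received: from mail.shop.example (mail.shop.example [203.0.113.25])
\tby mx.recipient.example with ESMTP; Thu, 24 Feb 2011 09:00:00 +0000
From: offers@shop.example
Subject: Royal Wedding replica ring
Content-Type: text/plain

Order today: http://shop.example/ring?id=1
Headlines: http://news.example/royal-wedding
"""

# Constructed resolution data (assumption: a real deployment queries DNS).
RESOLVED = {"shop.example": {"203.0.113.25"}, "news.example": {"198.51.100.7"}}

def sending_ip(msg):
    """IP literal in the topmost Received header, the hop our own MX recorded."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    return m.group(1) if m else None

def linked_hosts(msg):
    """Lower-cased hostnames of every http(s) URL in the text parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = urlparse(url).hostname
            if host:
                hosts.add(host.lower())
    return hosts

def self_hosted_links(raw, resolve=RESOLVED.get):
    """Hosts linked in the message that resolve to the IP that sent it."""
    msg = message_from_string(raw)
    ip = sending_ip(msg)
    if ip is None:
        return []
    return sorted(h for h in linked_hosts(msg) if ip in (resolve(h) or set()))

if __name__ == "__main__":
    print(self_hosted_links(SAMPLE))
```

A non-empty result means the sender is also hosting the linked site, which separates this kind of campaign from botnet-relayed spam, where the sending IP is an infected machine unrelated to the hosting.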
