Another new term that I can add to my Web vocabulary, "Malspam".
I found an interesting article "Penetrating the Zombie Collective: Spam as an International Security Issue", where it goes on to discuss how spam messages have plagued computer users as long as email inboxes have been in existence. The new common nature of spam messages is that they have evolved into much more than your normal run-of-the-mill spam email that you may have had in the past. Spam has taken on a new very ugly face called malspam which this interesting article explains as being a variant of spam messages that intentionally capitalizes on a computer user's weak information security.
What exactly is Malspam?
The popularly exploited "CNN.com Daily Top 10" malspam message that we previously wrote about is only one recent example of malspam that is plaguing the internet world today. Malspam messages utilize popular subject lines to entice computer users such current events and hot topics. Dictionaries will tell you that spam is defined as unsolicited usually commercial e-mail sent to a large number of addresses. Now, let's beef up the term by basically adding malware to the equation and you simply get malspam. Malspam is new form of spam that is initially presented in the form of a spam message but the malicious linking embedded within a malspam message makes it very different from a normal spam message that you may be familiar with.
Spam dates back to the 1970's and the rate of spam messages evolving into something different and more malicious has only increased exponentially just recently. It is estimated that 80% of the newer spam messages result from automated sources and security compromised systems that are controlled remotely by spam senders. It was also said by some sources that 80% of spam comes from about 200 spammers who reside in the U.S. The percent of spammers outside of the U.S. is on a steady rise where the messages include more malware. Because most Malware code writers reside outside of the U.S. and more spam message sources are increasing outside of the U.S., we are starting to more malspam messages. It works hand in hand unfortunately.
What does Malspam look like?
Ever get those emails that are titled something that is currently being talked about in the media or even subjects that are related to something that you know is totally bogus? Wheather a malspam message title is true or not, it usually makes out to be something that sparks people interest such as our previous post "New Malicious Spam Email: CNN Alerts: My Custom Alert" post explains. Malspam messages may have titles similar or related to the subjects below.
- Obama is gay
- Britney Spears loses kids
- McCain drops out of running
- McCain names VP post
- Justine Timberlake gay video
- CNN.com Daily Top 10
- CNN Alerts: My Custom Alert
- 50 Cent sues Taco Bell
All of the above would spark your interest if it were true or false wouldn't it? If you received a few emails with those titles would you open the email and proceed to read it with a slight possibility of clicking on a link within the message to confirm the story? This is where the malspam attack happens. If you make the mistake of opening a message using a subject similar to the list above then you may be greeted by a notification that says "Flash player: Incorrect version". The message is bogus and tries to get you to download a new Flash player which in reality is a malicious file that may download and install malware onto your computer.
Malspam Tip: It is advisable that you monitor security sites that provide information warning you of recent malspam messages or new threats to look out for. The best thing that you can do is delete a message if you are even a little uncertain about it.
Have you received any email messages that were titled with any of the subjects listed above? Did you end up opening that message?