NEWS Spammers have started using spyware to steal personal information so they can customise the subject lines of unsolicited emails to increase their chances of being read.
Research by email security firm MessageLabs has revealed that spammers are targeting companies and individuals with unsolicited messages that have subject lines containing names, familiar words or phrases that have been stolen from the victim's computer.
This is possible once a computer has been compromised with a piece of spyware that can track keystrokes or scan documents and send the information back to the spammer.
MessageLabs' senior anti-spam technologist Matt Sergeant said the spam target is more likely to open an email if the subject line contains information that is directly relevant to them or their job.
"The idea is that by using familiar words and phrases, such as passwords, a pet's name or a company name, users will be more likely to open the email," Sergeant said.
The volume of spam has increased dramatically over the past two years, so much so that some security companies say the majority of email traffic is now spam. The problem intensified with the emergence of viruses and Trojans that were designed to infect unprotected computers and turn them into spam-sending zombies.
As the spam problem grows, so does the anti-spam industry; as a result, the spammers have started colluding with malware writers to try and increase their hit rates, according to MessageLabs.
Sergeant said that the lines between different email security threats are becoming more and more blurred.
"We increasingly find that spammers, virus writers and hackers are combining their malware to create evermore sophisticated email security threats," said Sergeant.
Maxine Holt, senior research analyst at Butler Group, said the spyware problem is potentially very serious. She said there is no way for a company to completely protect itself without disrupting every day business activities, so they should combine technology with education and enforce a security policy to reduce their risk as much as possible.
"Companies need to ask themselves what level of risk they are willing to accept in order to conduct their day-to-day business. Security is not just at the perimeter," Holt said.
Munir Kotadia writes for ZDNet UK
Comments
There are 5 comments. Join the discussion
1. Craig
A spammer's priority is to get as many emails 'out there' as possible in order to get the 1% take up to cover their costs. If each email is tailored to an individual then this will reduce the volume they could product.
They would have to use some kind of A.I. system to trawl through the thousands upon thousands of pieces of information their spyware returns to them, string it all together in a way that would make some sense to the recipient, and get the email out the door.
'Spam' and 'sophistication' aren't usually two word one would use in the same sentence.
I'm doubting this new threat a lot!
2. K Beswick
It still gets me WHY do they go to such lengths to get around SPAM filters?? Surely if someone has gone to the trouble to stop as much spam as possible why, even if they do open the mail, do the spammers think that people will respond?? I just wish we could stop the small minority of people who do respond to these emails so then the spammers would make no profit and leave us in peace! (wishful thinking).
3. anonymous
Ironic - when I read your article on Spyware my SpyBot S&D tells me that it has just blocked the download of "Avenu A, Inc".... no change that to hypocritical...
4. Mitch
Many years ago, a bank manager told me, " . .if you want the truth in a story . .find out where the money is . . "
The bottom line with spamming is that they are making money and lots of it at that. They need a return rate of 1 in a million, so the more they send out, the better their chances.
Surely the way to stop spam is to penalise those companies that are paying the spammers? If Acme Pharmaciuticals Inc were fined every time a spam was carried out on their behalf, they would soon stop paying spammers. No pay, the spammers would have to find something else to do. Like get a job.
Unfortunately, the companies that benefit from spam are American, and anything that impedes American sales is regarded as criminal and subversive by the land of the free.
5. anonymous
Craig: Your doubts are not founded on the facts: you do have reason to be worried - VERY worried. Spyware aids identity theft which is one of hte most urgent problems being faced inthe US right now. For your information, US banks and credit card compnaies lost more than $1.1 BILLION last year due to identity theft and "phishing"...spammers posing as legitimate businesses to get their hands on your private information. This is serious people and unless we do something right now, it will grow worse.