
More stock (s)[p]{m}!

Most recent spammer innovations have centered around “pump and dump” spam. This is what spammers were mass-mailing in the .pdf and .fdf attachments that we’ve seen recently. It is also the spam that arrives in graphics files, often with the text rotated several degrees or disguised with other spammer tricks.

And now we’ve seen the latest innovation, which really had me scratching my head. This spam is designed for die-hard puzzlers: the spammers have taken a very strange approach – splitting key words, such as ‘stock’ and ‘buy’, with non-alphabetic characters. The problem is that the plethora of non-letter symbols – curved brackets, asterisks, etc. – makes the text very hard to read. In fact, someone would have to be extremely motivated to read such an email all the way through.

[u][g]{e} {N}[e][w](s) To Impa_ct <C> [Y](T)(V)

[u][g]{e} {N}[e][w](s) To Impa_ct <C> [Y](T)(V)

Chi,na YouT-V <C> [o](r){p}
S,ymbol: [C] <Y> [T](V)

We [h]{a}(v)[e] already (s) <e> <e> (n) CY*TV's m^arket imp.act bef^ore c*l^imbing to {o}(v){e}[r] $2*.00 (w)[i](t)(h) (n)(e) <w> [s]

Pre#ss Re,lease:
Chi^na YouTV^'s C-nBoo (W)(e){b} <s> {i}(t)(e) Ran#ks [N][o][.][1] on Micros
o*ft [L](i){v}(e) Searc#h Engi#ne

Of course, spammers are just trying to get round spam filters to deliver their message to end users. But they seem to have forgotten one very simple rule – it’s not enough simply to get the spam to the mailbox, the user has to read it, too! And who is going to plough their way through a strange message crammed with a variety of brackets and other out-of-place punctuation marks?
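The filter-side view of this trick, as an added example that is not part of the original post: the code collapses runs of bracket-wrapped characters and strips punctuation inserted inside words, then reports the obfuscation marks per word and any watch-list phrases it recovers. The function names, the watch-list and the clean comparison line are assumptions made for illustration; the other sample lines are quoted from the message above.

```python
import re

# One character wrapped in (), [], {} or <>, e.g. "(s)", "<e>", "[.]".
WRAPPED = re.compile(r"[(\[{<]([A-Za-z0-9.])[)\]}>]")
# A run of such wrapped characters, optionally separated by whitespace.
RUN = re.compile(r"(?:[(\[{<][A-Za-z0-9.][)\]}>]\s*)+")
# Punctuation inserted between two letters, e.g. "m^arket", "Chi,na".
# This also matches ordinary hyphens and abbreviations ("end-of", "e.g"),
# which is why score() is compared to a threshold instead of any-hit.
INTRA = re.compile(r"(?<=[A-Za-z])[\^*#,._-](?=[A-Za-z])")

def deobfuscate(text):
    """Return (normalized text, number of obfuscation marks removed)."""
    marks = 0

    def join_run(match):
        nonlocal marks
        chars = WRAPPED.findall(match.group(0))
        marks += len(chars)
        # Keep a word break only if the run itself ended in whitespace.
        tail = " " if match.group(0)[-1].isspace() else ""
        return "".join(chars) + tail

    text = RUN.sub(join_run, text)
    text, removed = INTRA.subn("", text)
    return " ".join(text.split()), marks + removed

def score(text):
    """Obfuscation marks per normalized word; ordinary prose stays near 0."""
    normalized, marks = deobfuscate(text)
    words = normalized.split()
    return marks / len(words) if words else 0.0

def keyword_hits(text, keywords):
    """Watch-list phrases that become visible once the text is normalized."""
    normalized = deobfuscate(text)[0].lower()
    return [k for k in keywords if k in normalized]

WATCHLIST = ("symbol", "market impact", "press release")  # assumed list
SAMPLES = [  # first three quoted from the spam above, last one constructed
    "S,ymbol: [C] <Y> [T](V)",
    "We [h]{a}(v)[e] already (s) <e> <e> (n) CY*TV's m^arket imp.act bef^ore "
    "c*l^imbing to {o}(v){e}[r] $2*.00 (w)[i](t)(h) (n)(e) <w> [s]",
    "Pre#ss Re,lease:",
    "Please review the end-of-quarter report before the market opens.",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{score(line):.2f}", keyword_hits(line, WATCHLIST), deobfuscate(line)[0])
```

Whitespace between wrapped characters is ambiguous, so adjacent wrapped words are merged ("withnews"); that is acceptable for substring matching against a watch-list but not for recovering the exact original text.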

If we take a look at the history of spam evolution, we can see that this isn’t something totally new. In 2003, spammers conducted similar experiments, littering their emails with symbols and non-Latin letters, resulting in messages that looked like this:

Vl/GR/| $0.95 /l)0SE
C|/|L|S $2.00 /|)0SE
}{E|||C/lL $0.91 /l)()SE
PR()PECl/|GR/, GLUC()PH/|GR/|GE, V|0} {}{,
CELEBRE}{, |/|ERl|)l/, Z()L0FF, P/l}{lL, LlP|T()R
E ll T E R

The result was almost unreadable emails, which quickly disappeared from the scene. Spammers clearly decided that this wasn’t a promising approach. However, either they got some return on their mass-mailings, or what we’re seeing now is a new generation of spammers who haven’t learnt from the mistakes of the past. We’ll see how long this latest wave lasts.
