Clinton, Obama campaigns used in spam blasts

Spammers leveraged the heated Democratic presidential primary, using the candidates in a spam barrage to dupe recipients into revealing personal information to buy pharmaceuticals.

Democratic presidential contenders, Sens. Barack Obama and Hillary Rodham Clinton are being used in spamming campaigns to dupe people into giving up their personal information and buy into pharmaceutical and pump-and-dump stock schemes.

The presidential candidates themselves are a well known brand because many people receive legitimate emails from the candidates.
Dermot Harnett,
analyst, antispam engineeringSymantec

"The presidential candidates themselves are a well known brand because many people receive legitimate emails from the candidates," said Dermot Harnett, a principal analyst on Symantec's antispam engineering team. "It makes it more likely that victims would go into the email and click on the link."

In February, spammers circulated bogus links to Hillary Clinton videos cloaking a malicious Trojan. URLs containing Clinton's name have also been used in porn and Viagra spam, Symantec said.

Republican contenders are not immune. Sen. John McCain, and Gov. Mike Huckabee, who recently bowed out of the campaign, have also been the subject in some spamming runs. But it's the heated race between Obama and Clinton that spammers are primarily leveraging, Harnett said.

The spam campaigns are being tracked by Symantec and were part of the vendor's State of Spam Report. Symantec said spam volume overall has steadied at 78.5% of all email for the past two months. It is still an increase from an average of 61% for the first half of 2007.

Spam levels typically stabilize after the holiday shopping season, when spam campaigns usually reach their peak. Spammers have also reached a point of market saturation as well, Harnett said.

State of spam:
PDF spam reemerges in some inboxes: One vendor is reporting the discovery of a small amount of PDF spam reemerging since it almost completely disappeared in August.

Spam 2.0: New threats and new strategies: In the war on spam, new battlefronts are constantly emerging. Learn how security professionals can stay on top of the latest email threats.

Are challenge-response technologies the best way to stop spam? Challenge-response spam technology intercepts incoming emails and sends a challenge to the sender, asking him or her to confirm the message's validity.

Spam continues surge as spammers become clever in '07: Despite arrests of high profile spammers in 2007, spam continues to plague company servers.

"Although spam levels have stabilized, the huge number puts a lot of stress on system resources," he said.

As presidential candidates themselves are brands, spammers are also latching on to traditional names. Southwest Airlines is the latest firm to experience brandjacking. Symantec said it tracked a significant number of spam messages offering two free airline tickets if the recipient registers and completes a survey.

"The purpose of the message was to collect personal information and it's the type of technique that is fairly successful," Harnett said. "Spammers use it over and over again."

Spammers also are continuing to test different techniques to dupe security vendor antispam engines. PDF spam appeared to reemerge in January, according to antispam and managed services vendor MX Logic. Symantec said it continued to track PDF spam but at extremely low levels, which could indicate that spammers are testing the ability of antispam vendors to detect the faux messages.

"What we generally see before an outbreak is a test at low levels first and then a huge spike," Harnett said. "Right now we have the appropriate measures in place to block those messages."

Symantec launched its State of Spam website in February. The site is where antispam engineers plan to share their ongoing research and report their findings.

Dig deeper on Email and Messaging Threats (spam, phishing, instant messaging)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close