Democratic presidential contenders, Sens. Barack Obama and Hillary Rodham Clinton are being used in spamming campaigns to dupe people into giving up their personal information and buy into pharmaceutical and pump-and-dump stock schemes.
"The presidential candidates themselves are a well known brand because many people receive legitimate emails from the candidates," said Dermot Harnett, a principal analyst on Symantec's antispam engineering team. "It makes it more likely that victims would go into the email and click on the link."
In February, spammers circulated bogus links to Hillary Clinton videos cloaking a malicious Trojan. URLs containing Clinton's name have also been used in porn and Viagra spam, Symantec said.
Republican contenders are not immune. Sen. John McCain, and Gov. Mike Huckabee, who recently bowed out of the campaign, have also been the subject in some spamming runs. But it's the heated race between Obama and Clinton that spammers are primarily leveraging, Harnett said.
The spam campaigns are being tracked by Symantec and were part of the vendor's State of Spam Report. Symantec said spam volume overall has steadied at 78.5% of all email for the past two months. It is still an increase from an average of 61% for the first half of 2007.
Spam levels typically stabilize after the holiday shopping season, when spam campaigns usually reach their peak. Spammers have also reached a point of market saturation as well, Harnett said.
"Although spam levels have stabilized, the huge number puts a lot of stress on system resources," he said.
As presidential candidates themselves are brands, spammers are also latching on to traditional names. Southwest Airlines is the latest firm to experience brandjacking. Symantec said it tracked a significant number of spam messages offering two free airline tickets if the recipient registers and completes a survey.
"The purpose of the message was to collect personal information and it's the type of technique that is fairly successful," Harnett said. "Spammers use it over and over again."
Spammers also are continuing to test different techniques to dupe security vendor antispam engines. PDF spam appeared to reemerge in January, according to antispam and managed services vendor MX Logic. Symantec said it continued to track PDF spam but at extremely low levels, which could indicate that spammers are testing the ability of antispam vendors to detect the faux messages.
"What we generally see before an outbreak is a test at low levels first and then a huge spike," Harnett said. "Right now we have the appropriate measures in place to block those messages."
Symantec launched its State of Spam website in February. The site is where antispam engineers plan to share their ongoing research and report their findings.