Spammers play hide-and-seek with AV

By on

The recent sharp rise in spam is being attributed to spammers being more selective in harvesting email addresses by avoiding anti-spam and anti-virus companies.

Instead of sending out emails indiscriminately, they now deliberately stop messages going to these companies' sites.

The technique, in which a compromised computer (zombie) harvesting email addresses skips those addresses known to belong to vendors, has sent spam levels to anti-spam companies plummeting, but is heralding an overall rise in spam.

"For a long time viruses sent in emails have been trying to cripple anti-virus processes," said David Emm, senior technology consultant at anti-virus firm Kaspersky. "But now they try to avoid specific domain names."

Spammers and virus writers hope that by blocking certain addresses they can launch a successful mailing campaign or virus before they are detected.

"In the past virus companies email acted as their own honeypot," said Emm. "By avoiding these email addresses companies will have to use other techniques to find spam. Although there has been no major situation yet where the industry has been caught on the hop it could happen, it's not impossible."

Neil Hammerton, managing director of messaging firm Email Systems said that spam was rare in his inbox.

"We only get around three per cent spam so this technique is obviously widespread," he said. "It makes sense for spammers to employ this sort of tactic."

The news arrives in the same month SC reported that some spam filters may be rendered useless by a new technique that sends spam via ISPs, rather than direct from a zombie.

www.kaspersky.com

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?