Spam More Creative, Better Targeted

Thirty years after the first unsolicited e-mail advertisement was sent, the phenomenon now known as spam is continuing to grow -- and becoming more sophisticated, creative and malicious.

Spammers are now "subpoenaing" their victims with official-looking court documents, inviting them to schedule meetings on their Outlook calendars and offering to put them in movies, according to Symantec Corp.'s monthly "State of Spam" report for May.

"During the month of April, 80 percent of all e-mail was spam, with that number jumping as high as 87 percent at times," the anti-virus and online security company reported. Those figures are based on Simple Mail Transfer Protocol-layer filtering at the e-mail gateway and do not reflect the volumes of spam detected at the network layer.

Although any unsolicited and unwanted commercial e-mail can be considered spam, a growing amount of it is fraudulent or otherwise malicious. A growing concern is the practice known as phishing, which uses a variety of e-mail baits to lure victims into providing personal information or downloading malicious software that can steal the information. A subset known as spearphishing is, as the name implies, a targeted attack aimed at specific individuals.

In April, Symantec found an example of spearphishing that appears to be an e-mail notice of a federal subpoena from a U.S. District Court giving a courthouse address and telling the recipient that he or she is "commanded to appear" before a grand jury. The notice also contains a link for downloading the full subpoena, which actually downloads and installs a keystroke-logging Trojan on the victim's computer.

A new wrinkle in the now notorious Nigerian financial scam is the Outlook calendar invitation sent by e-mail. The sender wants to set up a date for paying $106 for the delivery of a package containing $850,000. The sender cautions, "Don't be deceived by anybody to pay any other money except US$106.00." Good advice, as far as it goes.

Instant messaging is also being used as phishing bait. A spam e-mail advertises an online service that will let you find out which recipients are blocking your messages. All you have to do is visit the Web site and enter your user name and password.

As it should be needless to say, the U.S. courts do not issue online subpoenas, it is unlikely that any Nigerian strangers want to send you money, and if anyone asks you for a user name and password from another account, just say no.

About the Author

William Jackson is the senior writer for Government Computer News (