Non-Delivery Reports, Newsletters Used in Recent Spam Attacks

According to a recent report released by PandaLabs, non-delivery reports (NDR) are being exploited by tricky spammers.

Panda Security, an anti-virus company, observed a 2,000 percent increase in the number of NDR spam messages in circulation in August, compared to the number seen between January and June of this year.

According to the company, 20 percent of global spam used this technique in August, an all-time high.

NDRs are e-mail messages that are automatically generated and sent by mail systems to notify senders about issues with their sent messages.

The truth is, “there is presently no consensus on whether NDRs are a technique to evade anti-spam filters or a collateral effect of dictionary attacks; either way, this technique is now among the most widely used,” said Luis Corrons, technical director of PandaLabs.

“These waves of spam are usually generated through botnets (infected PCs controlled by attackers to launch spam, etc.). Since most NDRs are legitimate emails and, part of the mail server functionality, many traditional anti-spam techniques did not detect or block them up until now,” he added.

In addition to NDRs, newsletter templates are being used to sell pharmaceutical products, according to McAfee.

Pharmaceutical spam in September is being driven by surplus drug supplies in China. This is enticing Chinese pharmaceutical companies to look to sending spam messages “to offload excess drugs internationally, as selling excess drugs inside the country violates Chinese law,” according to McAfee’s AvertLabs blog.

“Chinese newsletter” spam messages were the leading category of pharmaceutical spam last month, with a total of 52,428 e-mails containing 1,235 unique URLs in a single day.

Spam originating from China often makes up between 60 percent to 65 percent of current global spam volumes, according to McAfee.

Sources:</strong

http://www.darkreading.com/security/antivirus/showArticle.jhtml?articleID=220000125

http://www.itpro.co.uk/blogs/daveyw/2009/09/14/bouncing-spam-rises-by-2000-percent/

http://www.avertlabs.com/research/blog/index.php/2009/09/10/chinese-pharmacy-spam-and-our-monthly-spam-report/

http://www.mxlogic.com/securitynews/email-security/spam-messages-spoof-newsletter-templates-to-avoid-email-filters377.cfm