Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    September 2014
    S M T W T F S
    « Aug    
     123456
    78910111213
    14151617181920
    21222324252627
    282930  
  • About Us

    Spammers are constantly trying new ways to bypass filters to deliver spam. One of the more typical methods is the use of word salad spam, wherein spammed messages are filled with random words. We recently noticed a spike in salad spam that’s circulating in the wild. Aside from the sudden increase, what’s interesting about this particular spam run is that it uses exact sentences copied from Wikipedia articles.

    For example, in the spammed message below, the first sentence is “Knipe taught his Hawkeye team 75 new plays in one week.” That sentence comes from the Wikipedia article about the American football player and coach Alden Knipe. The second sentence, “As a result, wine consumption in Australia has greatly increased as of 2006.,” comes from the article about cleanskin wine. The last sentence, referring to the House of Blues and the Theatre of the Living Arts, comes from the article about the Verizon VIP Tour.


    Figure 1. Sample spammed message

    This seemingly normal content may ensure the delivery of the message alone.  However, the spammers took it one step further by forging the From form field, making it appear that the email was sent from the recipient’s email account. This adds a layer of legitimacy to the spammed messages.

    Further analysis of the email samples show that this spam run is distributed by computers infected by the Kelihos botnet. This botnet is known for spamming and Bitcoin theft.  Our research indicates that these messages were sent from a variety of countries, including Argentina (18%), Spain (17%), Germany (11%), Italy (11%), and the United States (10%).

    Even though the Wikipedia salad spam may not be malicious—it can be described as a “nuisance” at best—the technique shows that bad guys are still refining known spamming techniques. While there was no malicious payload for this particular spam attack, the same could not be said for future spam runs. Users are advised to be cautious when opening emails. A good rule of thumb would be immediately deleting emails from unknown senders.

    Trend Micro protects users from these threats.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice