By Paul Wood, Senior Analyst, Symantec Hosted Services

The New Year has arrived and excitement around the 2010 World Cup will soon reach fever pitch. Concurrently, I predict that inboxes will be inundated with a flood of football-related e-mails offering football videos, football tickets, football memorabilia and the like. Unfortunately, we’re just as likely to see an increase in spam runs not related to football, but using football as a hook to get the interest of the recipient.  There is always a virulent underground of spam that uses hot topics to grab recipients’ attention. Be aware!

Recently, Symantec identified the largest spam run that mentions football explicitly – an evolution of the notorious “Canadian Pharmacy” spam mails carrying the subject line ‘Best soccer goal ever’. This run represented 0.1% of spam globally for a single day. The estimated global spam volume for that day was around 70 billion, meaning that around 70 million of these soccer spam mails were sent!  The source was tracked to the Rustock and Donbot botnets, signifying a modus operandi that entails a single spam gang hiring two botnets to send a single spam run.  

This format of spam run has been seen many times with many different subjects, including, recently, mails with subjects such as “Halloween Plans?”.  This gang is using a very similarly formatted mail body, but cycling the subjects through any number of random topics.  They do, however, seem to make some effort to tie in subjects with major events like Halloween and Thanksgiving – this would make sense, as it increases the chances of someone opening and/or clicking through the mails.  Remember, when in doubt, delete, delete!