According to Kaspersky Lab’s latest spam report, spammers are reverting to old tricks in order to avoid detection from spam filters.
One such method being employed by spammers during Q1 2013, Kaspersky said, was the use of background noise known as “white text”. This involves adding random pieces of text to an email, this year in the form of news snippets.
Kaspersky said that these snippets are in a light grey font against a grey background and are separated from the main text of the ad with a large number of line breaks. This increases the chance of content-based spam filters to regard the emails as newsletters. And adding news fragments makes each email unique, and thus difficult to detect, Kaspersky added.
The report noted that the big events of Q1 – such as the death of Venezuelan President Hugo Chavez and the resignation of Pope Benedict XVI – were used as leverage by spammers. Mass mailings imitated BBC or CNN reports, and user curiosity was aroused by promises of exclusive video footage or photos when clicking a link, Kaspersky said.
Kaspersky said that this technique was once very popular among spammers, but has fallen into disuse in recent years.
“Spammers keep trying to draw users’ attention to their messages: they use famous names, world events or fake notifications from popular online resources. Many emails contain links to malicious programs, including exploits,” said Tatyana Shcherbakova, Senior Spam Analyst, Kaspersky Lab.
“We would like once again to remind users not to click the links in emails, even if the sender appears to be someone you know. It is much safer to enter the address in the browser manually.”
Spammers were also bypassing spam filters in Q1 2013 by using legitimate services, Kaspersky said in its report. When inserting malicious links into emails, they would use Yahoo’s link-shortening service, and the process the subsequent link through Google Translate, which can translate Web pages into a user-specific link and generate its own link in the translation.
The combination of these techniques makes each link in the mass mailing unique, and therefore more difficult to detect, Kaspersky said, adding that the use of the two well-known domains adds “credibility” to the links in the eyes of the recipient.
Despite spammers’ best efforts to bypass filters, however, Kaspersky did not record huge increase in the amount of spam being distributed in Q1 2013. The report said that the amount of unsolicited correspondence in email traffic grew slightly, by 0.53 percentage points, and averaged 66.55 percent.
Meanwhile, the increase in the proportion of emails with malicious attachments was also minor, reaching 3.3 percent, and the share of phishing emails fell 4.25 times to 0.0004 percent, Kaspersky said.
“In Q1 2013, the percentage of unsolicited correspondence in mail traffic fluctuated from month to month, although the average figure remained practically unchanged from the previous quarter,” said Shcherbakova.
“We expect the share of spam to remain at its present level in the future or grow slightly due to the recent increase in the number of multimillion mass mailings.”