Scammers launch ‘out of office’ spam

Posted on February 27, 2008

Robert Jaques, vnunet.com,
Tuesday 26 February 2008 at 00:00:00

Yet more ingenious ways to send junk mail

Spammers are increasingly using ‘out of office’ features in web-based email
to relay junk messages, security experts warned today.

McAfee Avert Labs reported several instances where spammers set up web-based
email accounts and configured auto responders with spam messages. The scammers
then send email with fake ‘from’ addresses to their newly created web mail
accounts. The ‘from’ addresses subsequently receive the spam ‘out of office’
notices.

McAfee noted that, while this may sound like a convoluted way to send spam, it
allows the fraudsters to trick spam filters. An automatic reply from a
well-known web-based email service will look legitimate to many spam filtering
tools. In addition, unlike spam sent by botnets, the auto reply spam will have a
legitimate sender and will be signed with the correct signatures used to sign
email messages, such as DKIM or Sender ID.

The auto-responder spam does not look like a typical out of office reply. The
message subject always contains ‘Re:’ because it is added by the web mail
service, but the spammer controls the rest of the subject line and the message
body text.

“In recent weeks we have seen an increasing amount of spam apparently sent by
legitimate web-based email systems,” said Jeremy Gilliat, an anti-spam engineer
at McAfee. “I suspect the spammer has a program that automatically creates
accounts and sets the responder text, all with no manual work required. This
gives the spammer lots of web-mail accounts, all used to spam lots of people.”
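As an added example (not from the article or from McAfee), one way a receiving mail system could catch these messages: accept a ‘Re:’ or auto-submitted message as a genuine reply only if it references a Message-ID the recipient actually sent, whatever the DKIM result says. The sent-ID set, addresses and sample messages are constructed, and the sketch assumes the gateway logs outbound Message-IDs and that Authentication-Results is stamped by your own MTA.

```python
import email
import re

MSGID = re.compile(r"<[^<>\s]+>")

def referenced_ids(msg):
    """Message-IDs this message claims to answer (In-Reply-To / References)."""
    ids = set()
    for name in ("In-Reply-To", "References"):
        ids.update(MSGID.findall(msg.get(name, "")))
    return ids

def dkim_passed(msg):
    """True if Authentication-Results (trusted only from our own MTA) has dkim=pass."""
    return any(re.search(r"\bdkim=pass\b", value, re.I)
               for value in msg.get_all("Authentication-Results", []))

def classify(raw, sent_ids):
    """Return (verdict, dkim_pass) for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    is_reply = msg.get("Subject", "").strip().lower().startswith("re:")
    is_auto = msg.get("Auto-Submitted", "no").strip().lower() != "no"
    signed = dkim_passed(msg)
    if not (is_reply or is_auto):
        return ("not-a-reply", signed)
    if referenced_ids(msg) & sent_ids:
        return ("solicited-reply", signed)
    # A "reply" to mail we never sent: hold or score up even when dkim=pass.
    return ("unsolicited-reply", signed)

# Constructed data: outbound Message-IDs logged by the gateway (assumption).
SENT_IDS = {"<20080226.0001@corp.example>"}
AUTH = "Authentication-Results: mx.corp.example; dkim=pass header.d=webmail.example\n"
AUTO_SPAM = ("From: promo1234@webmail.example\nTo: user@corp.example\n"
             "Subject: Re: Great offer inside\nAuto-Submitted: auto-replied\n"
             + AUTH + "\nConstructed spam body.\n")
REAL_REPLY = ("From: friend@webmail.example\nTo: user@corp.example\n"
              "Subject: Re: Lunch on Friday\n"
              "In-Reply-To: <20080226.0001@corp.example>\n"
              + AUTH + "\nConstructed reply body.\n")

if __name__ == "__main__":
    for name, raw in (("auto-responder spam", AUTO_SPAM), ("real reply", REAL_REPLY)):
        print(name, classify(raw, SENT_IDS))
```

Both samples pass DKIM, so the signature alone cannot separate them; only the missing link to an outbound message does.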
