AppRiver report looks back at Scams and Spam in August

by Steve Ragan - Sep 2 2009, 18:25

The monthly Spam Report from AppRiver came out this morning, offering a recap of events in the security world from the month of August, as well as a breakdown of some of the threats seen across its customer base of 6 million corporate users.

While not a Scam or Spam, one of the highlights in the AppRiver report centers on the CentMail proposal from Yahoo. The plan is to charge users one single cent for each outgoing email, which will be used to place a virtual stamp on the message, certifying it as legitimate.

The idea is to use the money collected to fund charities of the user’s choice, and the hope is that the stamped email would curb Spam. The only hitch is the assumption that spammers wouldn’t pay to send email. If stamping Phishing related email proved to be a decent ROI, there is little doubt that the criminals would pay for the privilege of ripping you off.

The monthly Spam Report also noted a clever twist in 419 related scams. The 419 (Nigerian Scam) letters started to appear disguised as Kid Rock Fan Club letters, Yahoo Personals, and tragically even Dilbert cartoons were used. It’s a sad state of things when a relative in Nigeria has to use a Dilbert cartoon in order to share the wealth.

The White House earned a mention in the report, when their mailing list was used to send millions of people messages hyping healthcare reform plans. The problem is that, well, there was no attack. The White House simply sent out millions of emails. As it turns out, the list grew to include millions of addresses because of a unknown third party.

“We are implementing measures to make subscribing to e-mails clearer, including preventing advocacy organizations from signing people up to our lists without their permission when they deliver petition signatures and other messages on individual’s behalf,” spokesman Nick Shapiro said in a statement about the email, responding to the thousands of complaints received.

There was a return of Pump-and-Dump email stock scams as well in August. AppRiver noticed that stock emails targeting Insight Management Corporation were appearing, which leads them to speculate that this trend might get worse as the U.S. markets start to improve. However, the spree of P-n-D emails seen during August was nowhere near the levels they were in the past.

UPS Tracking was also another theme last month. The USP Tracking emails sent to thousands of AppRiver clients contained an attachment that offered up the Bredo family of Malware. If infected, Bredo will offer up fake anti-Virus applications and false security warnings in an attempt to get the user to pay to have them removed. To date, AppRiver has seen 15 variants of the Bredo clan.

The full report is online here.

Around the Web