The harvest is plentiful
The report also recounts other common ways spammers obtain e-mail addresses, many of which are by now well known, such as:
- Using spam bots that crawl the Internet looking for e-mail addresses;
- Bombarding an e-mail server with e-mail addresses and storing those that don't bounce; and,
- Buying lists from other spammers
However, in June Symantec observed greater use of a technique that blended illegitimate and seemingly innocuous e-mail harvesting.
The spammer would start out getting e-mail address lists using nefarious methods, but then send out "opt in" marketing requests to those on the list.
A typical e-mail would read: "Do you want to buy any stuff: any kind of pills, oem software, cool porn? Just mail me back, I'll find the best offer for you."
The list compiled from those who respond then becomes a "bona fide" opt-in catalogue of persons the spammer can send messages to freely, with no concern about spam traps, or that the message may be blocked by spam filters.
Quake e-mail used to spread viruses
Spammers and other cyber crooks commonly take advantage of natural tragedies - and Symantec witnessed the same phenomenon in the aftermath of the earthquake in China
The security company uncovered a widespread attack where infected e-mails, with sensational subject lines about the China earthquake are used to spread a virus.
Infected e-mails sent out en masse include one of the following subject lines:
- The most powerful quake hits China
- Countless victims of earthquake in China
- Death tool in China exceeds 1000000
- China is paralyzed by new earthquake
The body of the e-mail usually displayed a single line message with a URL link. When the URL link is clicked, a Web page opens up displaying the image of a video player, and instructing the user to play the video "to see the details of this terrible disaster."
Attempting to play the video, opens an executable file, which Symantec has diagnosed as Trojan.Peacom.D, a Trojan horse that gathers system information and e-mail addresses from the compromised computer.
"The Peacomm family of Trojans are also commonly known as the "Storm" Trojan."
"Similar attempts have been made in the past using high profile news events to spread viruses via email," says the Symantec report. "Users should be aware of such attempts, and avoid opening e-mails and clicking on suspicious links."