Spammers turn to multi-layer read-receipt attacks

Romanian security firm BitDefender says it has detected a new malicious spam campaign that combines several kinds of delivery-confirmation request in its unsolicited emails to validate active email accounts for illegal mailing lists.

The campaign promotes medication for sexual improvement, and its first-stage technique seeks to exploit read receipts or notifications. Under normal circumstances, a read receipt confirms the user has received and read the message. When related to bulk mail, a read receipt proves that the user’s email address is valid and active.

If the user discovers the trick and does not send the read receipt, the spammers deploy a secondary layer of confirmation techniques which reference a remotely stored image. Email clients traditionally block this type of content: to see it, users must allow the image to load, and in doing so they confirm that they have read the message.

Should the previous two confirmation tricks fail, the third layer takes advantage, especially when the victim suspects foul play but may not be aware of the ‘classic’ unsubscribe or opt-out scam. The alleged opt-out links do not unsubscribe the recipient from the mailing list, but confirm instead that the email address is fully functional and ready to get even more spam.
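The three confirmation layers described above can be checked for on the receiving side. The following Python sketch is an added example, not BitDefender's code: it flags a receipt request, remote images and opt-out style links in one raw message. The header names are the standard receipt-request headers, while the opt-out keyword list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Headers that ask the recipient's client to send a read/delivery receipt.
RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To",
                   "X-Confirm-Reading-To")
REMOTE_IMG = re.compile(r'<img\b[^>]*\bsrc\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)
LINK = re.compile(r'<a\b[^>]*\bhref\s*=\s*["\']?(https?://[^"\'\s>]+)[^>]*>(.*?)</a>', re.I | re.S)
# Assumed keyword heuristic for opt-out wording; tune for real mail.
OPT_OUT = re.compile(r'unsubscribe|opt[\s-]?out|remove me', re.I)


def confirmation_vectors(raw):
    """Return the address-confirmation layers present in one raw message."""
    msg = message_from_string(raw, policy=default)
    found = {"read_receipt": [], "remote_image": [], "opt_out_link": []}
    for name in RECEIPT_HEADERS:
        if msg[name]:
            found["read_receipt"].append(name)
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()
        found["remote_image"] += REMOTE_IMG.findall(html)
        for url, text in LINK.findall(html):
            if OPT_OUT.search(text) or OPT_OUT.search(url):
                found["opt_out_link"].append(url)
    return found


# Constructed sample message (not taken from the campaign).
SAMPLE = """\
From: sender@example.com
To: user@example.org
Subject: Special offer
Disposition-Notification-To: sender@example.com
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="http://img.example.com/p.gif?id=abc123">
<p>To stop receiving these messages,
<a href="http://list.example.com/out?u=abc123">unsubscribe here</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for layer, hits in confirmation_vectors(SAMPLE).items():
        print(layer, hits)
```

A message that trips all three checks at once matches the layered pattern in this report; any single hit on its own is also common in legitimate newsletters.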

“Confirming that email lists contain active accounts confers a premium on their value when they are sold on to malicious spammers,” says Vlad Valceanu, head of BitDefender’s Antispam Research division.

The latest campaign employs a new combination of established techniques, he adds, developed by mature operators, rather than newcomers. “Sex life improvement is one of the oldest ‘hooks’ – spammers understand a lot about human psychology,” Valceanu adds. “This is a closed community that is technically assured, psychologically skilled, wise, and very proficient.”

More information:
www.bitdefender.ro
www.bitdefender.co.uk
