Aug. 9, 2007 at 8:00 AM ET
If you think a lot of fake e-greeting cards and unexpected e-mail attachments are landing in your inbox lately, you’re right. Spammers have once again reinvented their techniques and in recent weeks have been pummeling inboxes with specially crafted messages that evade many spam filters. Their latest trick: Adobe Acrobat attachments hawking stocks and the usual body-enhancement medicines.
Just this week, massive spam campaigns pumping two tiny stocks -- Prime Time Group Inc and China Shoe Holdings Inc -- peppered Internet users. There was so much spam that China Shoe Holdings was motivated to issue a press release Wednesday saying it had nothing to do with the e-mails.
Security firm Sophos said there were so many messages touting Prime Time Group that the total amount of spam sent to its clients jumped 30 percent within 24 hours.
"This was the mother of all (Acrobat) spam campaigns," Sophos researcher Ron O’Brien said.
Sophos has a detailed description of the spam messages on its Web site.
The swift rise in what some are calling "attachment spam" corresponds directly with an equally rapid decline in image spam, which became spammers' favorite tactic about six months ago. Image spam includes only pictures advertising stocks or products. With no text, the messages can trick filters that scan for suspicious words like “BUY!”
But as spam blockers improved their ability to detect unwanted image spam, spammers turned to the Acrobat attachments with advertisements that have become the next step in the cat-and-mouse game, O’Brien said.
"This is a clear sign that anti-spam vendors are having more success in blocking image-based attacks," said Doug Bowers, a researcher at Symantec Corp. "But spammers keep poking and prodding."
The new kind of spam also corresponds with an increase in fake greeting card messages, and that's no accident, said O'Brien. In fact, Sophos researchers think all these developments are tightly related. Would-be spammers first send out fake greeting cards, which trick recipients into visiting Web pages that are booby-trapped with malicious software that allows visitors' computers to be hijacked. Then those hijacked computers are turned into spam machines, and directed to send out attachment spam. The two-stage attacks are very effective.
With success comes imitation. Attachment spam was virtually nonexistent earlier this year, when half of all spam was image spam, according to Symantec’s recent state of spam report.
Attachment spam began to emerge in June, and by July accounted for 8.2 percent of all spam. Meanwhile, image spam was down to 25 percent. And in the past 48 hours, thanks to the large spam campaigns, about one-third of all spam was attachment spam, Bowers said.
Of course, if the spam weren’t profitable, it wouldn't continue. A glance at Prime Time Group Inc.'s stock chart suggests the recent stock-pumping spam might be dramatically effective. The stock is up about 75 percent from its opening price on Friday morning, though it's impossible to know how much of that might be connected to the spam campaign that began Tuesday morning.
Still, the Security and Exchange Commission has shown recently it's worried about stock spam. In March, it suspended trading in 35 companies that had been promoted in e-mail campaigns.
RED TAPE WRESTLING TIPS
*Don't ever read electronic greeting cards. They have officially become more trouble than they are worth. If you think one might be authentic, and you just can't resist, call the sender before opening it to make sure the card is real.
*So far, "attachment spam" is not infectious, just annoying. The Acrobat files researchers have inspected contain a simple message, but no computer virus, so if you've opened one of those, that doesn't mean your computer is infected. But avoid opening the attachments anyway, because future versions of the spam could very well be laden with spyware or Trojan horse programs
*Ensure your antivirus and spam-blocking software is up to date.
SUBMIT YOUR RED TAPE VIA VIDEO
Got some Red Tape you'd like MSNBC.com to untangle? Submit your personal saga via video by clicking here.