Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Online fraudsters are ramping up spam attacks through emails designed to look like automated responses to undelivered messages, according to recent figures from PandaLabs. The cloud security firm saw a 2,000 per cent increase in the number of malware laden non-delivery report (NDR) messages in August, compared to the average monthly number in the first six months of 2009.Legitimate NDRs are automated messages sent to someone by a mail server when it cannot deliver an email to the intended recipient. This is usually because the email address has been entered incorrectly, the account has been deleted or the recipient's inbox is full.Around one in five global spam emails detected by PandaLabs is using this technique, making it one of the most pervasive forms of spam currently in use. "There is presently no consensus on whether NDRs are a technique used to evade anti-spam filters, or a collateral effect of dictionary attacks. Either way, this technique is now among the most widely used," said Luis Corrons, technical director at PandaLabs."Since most NDRs are legitimate emails and part of the mail server functionality, many traditional anti-spam techniques did not detect or block them up until now."Corrons explained that the messages themselves are usually legitimate, and that botnets are being used to exploit this mail server function by using the sender's real name to trigger the message response.The spammer's payload is then included as an attachment to the fake non-delivery notice. While in most cases users have not sent the supposedly undelivered email, they are still sufficiently curious to open it, said Pandalabs.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.