Application security

Spammers using geek speak to bypass filters, trick IT pros

Spammers are taking a new approach in the language they use in mass emailings: writing like IT professionals themselves.

Researchers have seen a hike in recent months in the amount of spam containing "IT speak," according to email security firm MessageLabs.

The company has collected spam emails containing subject lines referring to support desk ticket numbers and popular technology buzzwords, such as .net, cpan, and xss that attempt to get system administrators to open potentially deadly emails.

Spammers may use similar techniques in the future to thwart the filters of accounting firms and other parts of the financial sector.

Matt Sergeant, senior anti-spam technologist at MessageLabs, told SCMagazine.com today that this concept could spread to other sectors depending on the success they're having now.

"We've seen some level of this kind of targeting in the virus world, when a spammer wants to target a particular company, this seems to be making spamming much more targeted," he said. "I think, at the moment, we're seeing the spammer experimenting with this. These are the top-tier spammers, the guys who are doing all the image stuff."

"It's hard to determine how successful this will become, it depends on the success they have with this," he said.

Earlier this week, researchers warned of more complex versions of image spam becoming more frequent.

Spammers are now using multiple frames within animated .gif files to hide messages, according to Internet Security Systems (ISS). The technique bypasses most anti-spam gates now in use.

Hackers often use multiple, layered frames to disguise their message in this new form of image spam, researches from ISS said.

"The message is hidden in one of the frames," Gunter Ollman, director of ISS's X-Force lab, told SCMagazine.com this week. "And what we're also seeing is the generation of these .gif files build up the actual message."

Click here to email Frank Washkuch Jr.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds