The number of spam e-mail messages containing social media links is on the rise. Security firm MessageLabs detected an attack in mid-November that raised the amount of these messages from only a fraction of a percent to 4% of all spam.
This surge in social-related spam can be attributed to a botnet called DonBot. It sent out large volumes of spam e-mails with images and links to thousands of social media accounts from November 18 to 23. Some of the accounts are fakes, created just to run scams; others are legitimate accounts that were hijacked. A botnet is a group of software robots, or bots, that sends malicious spam attacks from infected computers.
“The spammers are trying to take advantage of sites that are legitimate and are getting through the anti-spam filters,” said Paul Wood, senior analyst at MessageLabs Intelligence. “If these social network domains are white-listed, then spammers are able to get messages through.”
The e-mails themselves appeared as images with promises that the recipient can “get rich by working at home.” The messages contain images of a fake newspaper article within the body of the e-mail, which itself is a link to a Twitter account. The reason that so many got through filters is that Twitter is a legitimate site, and filters can’t completely block it without stopping a huge amount of legitimate e-mails as well.
The amount of spam grows every year. According to MessageLabs, spam levels grew to 88.1% of all e-mail sent during October 2009, which is up from last year’s average of 82% of all e-mail. MessageLabs predicted that this number will grow next year as spammers become savvier about tricking the filters that are in place on most social networks to determine if a real person is sending the message.
The growth of spam means that legitimate marketers are increasingly challenged to adhere to the CAN-SPAM Act and industry best practices.
“The challenge is to adhere to legal guidelines and the best practices that trade associations have set for direct marketing so that you can identify that you are not a spammer,” said Wood. “It is also important for marketers to protect personal data, to make sure they are using it in the way that it was designed for, which is communicating with people who have opted in.”