Leave a comment

Top Story: Spammers reverting to old tactic to bombard your inbox

Are you noticing more junk and spam email in your inbox lately? This may be why.

Spammers are reportedly reverting back to an old technique to defeat anti-spam and anti-malware filters.

The technique, called hailstorm spamming, is the use of a large number of IP addresses for sending out a high volume of spam email over a short span of time. It is in contrast with another spamming method dubbed Snowshoe, which uses multiple IP addresses to send out a low volume of spam emails over an extended amount of time.

Both techniques attempt to override and evade email reputation or volume-based filters and their campaigns typically end before spam filters have the time to update.

“Hailstorm spam attacks end just around the time the fastest traditional anti-spam defenses can update in response,” wrote Cisco Talos researchers in a recent security blog.

The researchers also noted that unlike a snowshoe spam attack, whose maximum query rate is only 35 queries per hour, a hailstorm attack can spike up to over 75,000 queries in an instant, then drops back down to nothing.

A snowshoe attack (top) vs a hailstorm attack (bottom). Photo credit: Talos


Additionally, the Cisco Talos team analyzed 500 hailstorm campaigns and the spammers mainly advertised sponsored links or redirects to "As Seen On TV" products like bathroom remodeling and dietary supplements.

They also warn that some of the hailstorm campaigns distributed malware as shown in the screenshot below:

Cisco Talos

The team wrote:

“The message claims to be generated in response to a complaint filed with the United Kingdom’s Companies House and tries to lure the recipient into opening an attached word document. The From address of the message is noreply@companieshouses.com while the legitimate government agency has their web presence at companieshouse.gov.uk. The attached Complaint.doc (SHA256: 985e9f4c5a49e26782141c7cd8f4ce87b0e0a026d078b67b006e17e12f9eb407) contains a macro that downloads and executes a Dyre/TheTrick Banking Trojan."

The source of the hailstorm spam is reportedly from IP addresses located all around the globe. The addresses with the most spam volume sent were from the U.S., Germany, Netherlands, Great Britain and Russia  The most common domains were .top, .bid, .us, .win and .stream.

And finally, as spammers try a variety of different tactics, like hailstorm and snowshoe spamming, to rapidly deploy and circumvent anti-spam filters, it is important for users to remember these vital tips:

  • Don't download unsolicited email attachments, especially from unknown sources.
  • Don't click on links in suspicious emails.
  • Install software security solutions like anti-virus and anti-spam on your computers.
  • Update and apply patches to your systems regularly.
  • Beware of pop-up ads on your web browser.
Next Story
Source: Threatpost
View Comments ()
iPhone 8: Leaked documents confirm existence of a premium version
Previous Happening Now

iPhone 8: Leaked documents confirm existence of a premium version

Join Sir David Attenborough on a journey through life
Next Happening Now

Join Sir David Attenborough on a journey through life