September saw a huge spike in so-called “calware” as malicious spammers sought a return to tried and tested techniques in an attempt to circumvent filters, according to Proofpoint.
Stats from the email security vendor show spam volumes rising to almost twice the usual amount during the month, as spammers returned to an “oldie but a goodie” form of unsolicited email first documented in 2008, Proofpoint noted in a blog post.
“They remain effective because even today many spam filters do not consistently block calendar invites (*.ics), and routing from legitimate domains make the message more likely to evade sender reputation filters,” it explained.
“They scale well in that a single invite can be sent to many recipient addresses simultaneously, and in terms of content they provide a lot of flexibility, delivering everything from classic 419 messages to links for medication purchase scams and straightforward spam.”
The unsolicited emails in question are spoofed to look like a typical calendar invite, except the body of the message contains classic spam content like a 419 scam, as depicted in the post.
Calware volumes peaked in the middle of September before levelling out again in October.
The recent spike illustrates the problem facing security firms tasked with blocking spam.
“Even as the templates and techniques available to attackers continue to grow, and as the nature of unsolicited email itself continues to evolve, they have a back catalog of established techniques at their disposal that they can dust off and launch with little cost and much confidence that they will yield results,” warned Proofpoint.
It’s been a busy time for spammers recently.
Earlier this week Bitdefender warned of a new pump and dump campaign – another favorite technique, this time designed to artificially inflate stock market prices to the benefit of the scammers.
The latest spam run spotted using this method managed to trick recipients into buying up 1.6 million “penny stocks” related to an unknown mineral deposit company.