New domains used minutes after registration, US most affected

Sep 1, 2014 17:49 GMT  ·  By

Recent analysis of a spam outbreak revealed that spammers chose the IP addresses of hosting service providers to deliver unsolicited emails, to ensure better success of the campaign.

Among the tactics the spammers used to avoid triggering spam filters were placing random words in the messages and sending them from newly-registered domains that had not yet been associated with spam delivery.

Researchers at Trend Micro noticed the spike in spam activity and analyzed the messages and their point of origin. They say that the “two primary sources are hosting services providers and newly-registered domains that were not previously associated with known or detected spam activity.”

Most of the time, hosting providers are trusted, which explains the spammers’ preference for them.

Jean Chen, anti-spam research engineer at Trend Micro, says that most of the IP addresses used to send the unsolicited messages belonged to a Canadian hosting service provider, while the rest belonged to US-based providers.

He notes that the spammers wasted no time in using the newly-registered domains, as they began to fire the emails just minutes after registering them.

According to information from the researcher, the crooks started to use two of the new domains less than three minutes after registering them. Chen reported that “all the domains were filed under the same registrar by one organization.”

As far as message volume is concerned, at one point the company’s systems recorded close to 4,500 emails per hour sent from a single IP address.

However, when multiple addresses were used, the peak would reach about 25,000 messages per hour.
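The two signals described above, the age of the sender's domain at the time a message arrives and the per-IP hourly volume, can be scored directly from mail logs. The following is an added example, not code from the article or from Trend Micro; the log records, IP addresses, domain names and registration timestamps are constructed, and a real deployment would take registration dates from WHOIS/RDAP lookups.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed registration times, standing in for WHOIS/RDAP lookups.
DOMAIN_REGISTERED = {
    "fresh-deals.example": datetime(2014, 8, 28, 9, 0),
    "bulk-offers.example": datetime(2014, 8, 28, 10, 58),
    "established.example": datetime(2009, 3, 14, 12, 0),
}

# Constructed mail-log records: (received_at, sender_ip, sender_domain).
MAIL_LOG = [
    (datetime(2014, 8, 28, 9, 2), "203.0.113.10", "fresh-deals.example"),
    (datetime(2014, 8, 28, 9, 30), "203.0.113.10", "fresh-deals.example"),
    (datetime(2014, 8, 28, 10, 0), "198.51.100.7", "established.example"),
]
# Constructed burst: 4,500 messages in one hour from one IP (the single-source peak reported).
MAIL_LOG += [
    (datetime(2014, 8, 28, 11, 0) + timedelta(seconds=0.8 * i),
     "203.0.113.25", "bulk-offers.example")
    for i in range(4500)
]

def domain_age(domain, received_at, registrations=DOMAIN_REGISTERED):
    """Age of the sender domain at receipt time, or None if the domain is unknown."""
    registered = registrations.get(domain)
    return None if registered is None else received_at - registered

def young_domain_senders(log, max_age=timedelta(days=7),
                         registrations=DOMAIN_REGISTERED):
    """(ip, domain, age_in_minutes) for every message from a domain younger than max_age."""
    hits = []
    for received_at, ip, domain in log:
        age = domain_age(domain, received_at, registrations)
        if age is not None and age < max_age:
            hits.append((ip, domain, int(age.total_seconds() // 60)))
    return hits

def hourly_counts(log):
    """Number of messages per (sender IP, hour bucket)."""
    counts = defaultdict(int)
    for received_at, ip, _domain in log:
        counts[(ip, received_at.replace(minute=0, second=0, microsecond=0))] += 1
    return counts

def bursty_ips(log, per_hour_threshold):
    """Sender IPs that reach the threshold in any single hour, sorted for stable output."""
    return sorted({ip for (ip, _hour), n in hourly_counts(log).items()
                   if n >= per_hour_threshold})
```

Tune `max_age` and `per_hour_threshold` to your own traffic; a domain a few minutes old combined with thousands of messages an hour from one address is the pattern the article describes.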

Telemetry data shows that most of the victims (85%) are from the United States, but other countries have also been affected, as recipients from Germany, Canada, Great Britain, and New Zealand were also detected.

It appears that the crooks used a wide range of themes for their messages: offers for hair loss cures, car sales, and retailer coupons. Also worth mentioning is that the messages included links to websites advertising the products themselves.

The measures users need to adopt in order to avoid falling for such tricks are quite simple: if the email comes from an unknown individual or seems suspicious in nature, it is best to delete it.

Also, in such cases, opening attachments or replying is strongly discouraged.