Anti-virus firm warns: Don't click links in emails

MANILA, Philippines -- Computer anti-virus vendor Kaspersky Lab said spammers are trying to draw online users’ attention to their messages and has sent out a warning not to click links in emails.

Tatyana Shcherbakova, Senior Spam Analyst of Kaspersky Lab, said spammers have started using famous names, world events or fake notifications from popular online resources to catch the attention of users.

"Many emails contain links to malicious programs, including exploits. We would like once again to remind users not to click the links in emails, even if the sender appears to be someone you know. It is much safer to enter the address in the browser manually," Shcherbakova said.

Kaspersksy reported in the first quarter of 2013 that spammers have switched to creating background noise known as "white text", a technique that was once well known but had fallen into disuse.

The "white text" method involves adding random pieces of text (eg. sections of news reports) to the email. These insertions are in light gray font against a gray background and are separated from the main text of the ad with a lot of line breaks.

The scammers expect content-based spam filters to regard these emails as newsletters. The use of random news fragments make each email unique and thus difficult to detect.

Kaspersky added that spammers have been exploring the possibilities of legal services and are now using them to bypass spam filtering.

The actual address to which the malicious link leads is masked by two legal methods at once. First, the spammers used the Yahoo URL shortening service and then processed the subsequent link through Google Translate.

This service can translate web pages in the user-specified link and generate its own link to that translation. The combination of these techniques makes each link in the mass mailing unique while the use of the two well-known domains add "credibility" to the links in the eyes of the recipient.

In the first quarter of 2013, several high-profile events occurred such as the death of Venezuelan President Hugo Chavez, Pope Benedict XVI's resignation, and the subsequent inauguration of the new Pope Francis. Such events did not go unnoticed by spammers.

There were many mass mailings which imitated BBC and CNN news reports and the users’ curiosity was aroused by the promise of sensational photos and video footage.

In terms of the most active spam distributors, China (24.3 percent) and the US (17.7 percent) remained the most active while South Korea came third with 9.6 percent.

Interestingly, the spam originating from these countries target different regions: most Chinese spam is sent to Asia while junk mail from the US is mainly distributed in North America, meaning majority of the part can be considered internal spam.

Unsolicited messages from South Korea, meanwhile, go chiefly to Europe.

"In Q1 2013, the percentage of unsolicited correspondence in mail traffic fluctuated from month to month, although the average figure remained practically unchanged from the previous quarter," Shcherbakova said. "We expect the share of spam to remain at its present level in the future or grow slightly due to the recent increase in the number of multimillion mass mailings."