Spearphishing for spam

CNET has an article talking about how social networking sites are getting hit by malware attacks that appear to be personalized because of the information inherent in the site.
I expect a much worse problem in the next few years. I anticipate the growth of "spear-phishing" or targeted, personalized spam using personal information gleaned from bots and updated mailing lists, cross-indexed with public records and Google searches. For instance, it wouldn't be that hard to monitor email traffic, figure out who people talk to and deliver email, ostensibly from those "friends", that would be effectively impossible to filter. How about subject lines taken from websites browsed by the victim or even copying subject lines received in an earlier email?
This idea requires some email theft, which isn't so hard. But it could also be done by using spyware on a PC, malware at a social networking site or even a massive hack against a poorly-defended "viral" site like Plaxo.
Every spam filtering system out there today that I know of will collapse under the weight of this kind of mailing.
Posted on October 04, 2006





