Spammers Use Non Delivery Reports To Reach Inboxes

Figures released by security company PandaLabs show that cybercriminals are beefing up spamming attacks using emails tailored to resemble the legitimate automated non-delivery report (NDR) messages.

The cloud security company found a massive 2,000 percent hike in the count of malware infested NDR messages in the last month, compared to the number of NDR spam messages sent in the first half of the year.

As many as 20 percent of all global spam messages detected by PandaLabs have been using this technique to trick email users, making it a prominent form of spam presently in use.

Luis Corrons, PandaLabs’ technical director, said in a statement: "There is presently no consensus on whether NDRs are a technique used to evade anti-spam filters, or a collateral effect of dictionary attacks. Either way, this technique is now among the most widely used".

As majority of NDR messages are legitimate and form a significant part of mail server functionality, several traditional anti-spam methods simply failed to detect and block these messages until now, Corrons added.

Spammers usually attach their malicious payload as an attachment to the bogus non-delivery notice, usually sent through botnets, to infest victim’s computer with malware content and even seize its admin rights remotely.

Our Comments

This problem affects mostly fat clients (i.e. the likes of Outlook) where filtering occurs either at the service provider or within the company's mail system. Ironically, web-based services like Gmail and Yahoo Mail, which are focused on consumers rather than businesses, tend to be more proactive simply because they have the resources and can roll out radical changes very quickly.

Related Links

'Non-delivery report' spam surges

(PC Avisor)

Panda spots rise of non-delivery report spam

(CBR Online)

Spammers turn to fake non-delivery reports


Bouncing spam rises by 2000 percent

(IT Pro)

PandaLabs: Non-Delivery Report Email Spam Rises 2000%

(Dark Reading)