A new spam campaign was blocked by SpamStopsHere this week. The attack looked like flight confirmations from Southwest Airlines, but was really a massive burst of dangerous email.
The attack may have been designed to begin and end too quickly for antispam software to detect it. Most antispam programs rely on a method called "Beyesian Heuristics" to guess the likelihood that an email is spam and improve their predictions over time. That may be too slow for such a massive yet brief attack.
The spam protection in SpamStopsHere works differently. A 24/7/365 threat analysis team watches for malicious email entering special "honeypots" that attract email from around the world. Within moments of a new attack, it is blocked by one or more proprietary filters that profile the spam campaign and can even block variations on it that follow.
We don't know if other anti-spam filtering programs blocked this campaign as quickly as the team at SpamStopsHere.
About The Email
The attack was a "Word Press exploit", in which the spammers upload web pages to someone's Word Press account and link to them in the email. This email appeared to come from Southwest Airlines, confirming an upcoming trip.
Although it looked like a typical phishing scam (urgent message, links to click on to check your account, etc.), it was actually a form of "medical spam". The pages on the Word Press sites had links to the spammer's web site, purporting to sell a male enhancement product.
The emails looked something like this:
You should NEVER click on the links in such an email. If you want to check the status of your account, type the name of the web site in your browser's address bar.