Spammers use 'read receipts' in new campaign

News by Dan Raywood

A new wave of malicious spam promoting sexual medication has been detected.

A new wave of malicious spam promoting sexual medication has been detected.


BitDefender has revealed that the new spam campaign resides both on its amplitude and the mix of requests for delivery confirmations for the unsolicited e-mails.


The first technique uses a ‘read receipt or notification' method to make the recipient think that they have received and read the message, enabling the spammer to know that the address is valid and active. If the recipient does not send the read receipt, the spammers deploy a secondary layer of confirmation techniques which uses a reference to a remotely stored image.


Should the previous two confirmation tricks fail, the third layer takes advantage, especially when the victims suspects foul play but may not be aware of the “classic” unsubscribe or opt-out scam. The alleged opt-out links do not unsubscribe the recipient from the mailing list, but confirm instead that the e-mail address is fully functional and ready to get even more spam.


Vlad Valceanu, head of BitDefender's Antispam Researchm said: “Users should be aware that without the appropriate security solution the integrity of their systems is at an extremely high risk. To validate the e-mail address means that the user has signed the death sentence of his or her inbox.


“The next messages the spammers will send could carry a piece of malware that wipes out the hard drive or harvests and sends out sensitive data, like the credit card number the user types when purchasing goods online.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews