Panda reports 2000% surge in non-delivery report spam

Last month Panda Security’s anti-malware lab recorded a 2000% increase in the amount of different non-delivery report spam messages in circulation compared to the number of samples detected between January and June this year. 20% of global spam monitored by Panda Security uses this technique.

A non-delivery report (NDR) is an email automatically sent by mail systems to advise senders of problems delivering their messages. These messages are usually legitimate, but this mail server function is being exploited by spammers to distribute spam, using the sender’s real name. The spam content is usually sent as an attachment to the fake non-delivery notice. Although in most cases users have not sent the supposedly undelivered email, they still become curious and open it.

“There is presently no consensus on whether NDRs are a technique to evade anti-spam filters or a collateral effect of dictionary attacks (spam sent to millions of random email addresses,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “These waves of spam are usually generated through botnets (infected PCs controlled by attackers to launch spam, etc.). Since most NDRs are legitimate emails and, part of the mail server functionality, many traditional anti-spam techniques did not detect or block them up until now.”

Panda Security’s perimeter and corporate network security solutions include specific technologies for this type of spam. More information is available here: http://www.pandasecurity.com/enterprise/solutions/security-appliances/

Alex Matthews
Marketing & Communications | Sub-Saharan Africa
+27 (0)21 683 3899
www.pandasecurity.com

PANDA SECURITY One step ahead .