Spam, a popular vehicle for malware, still tricks people

Spam is still the go-to scheme to get malware on your computer.

More than 40 years after the first spam email was sent, it’s still a reliable way to infect your computer, according to Helsinki-based cybersecurity firm F-Secure.

The first spam was transmitted in 1978 when an email was sent via Arpanet, a precursor to the Internet, to 400 users. Since then, spam has remained one of the “main infection vectors” for malware, according to F-Secure.

Malicious spam is typically spread through links to shady websites, scams, and infected attachments.

Click rates for spam rose to 14.2 percent in the first half of 2018 from from 13.4 percent in the second half of 2017, said MWR InfoSecurity, which was acquired by F-Secure in June.


“Email spam is once again the most popular choice for sending out malware,” said Päivi Tynninen, Threat Intelligence Researcher at F-Secure, in a statement.

The time-honored technique is still the same: spew out massive numbers of emails in order to snare a small number of users, F-Secure said. That said, criminals constantly “refine their tactics” to boost their results, according to the cybersecurity firm.

Why spam is still king

Bad guys are getting better at tweaking their strategies based on simple but effective psychology. That includes tactics such as sending email ostensibly from someone the recipient knows and improving grammar and spelling. In particular, “error-free subject lines” are effective, F-Secure said.  As any computer user knows one of the easiest tip-offs to a scam is bad grammar.

Another reason: other tactics aren’t working.

So-called exploit kits are less popular now due to the demise of Adobe Flash as one of the most popular plugins on websites, said F-Secure.  Also, antivirus software is winning against commoditized malware threats.


So, the bad guys, who need to spread malware as a business model, have been forced to rely more on spam.

"Websites compromised by exploit kits were previously the main driver of malware infections. The drastic reduction of browser support for Flash Player basically removed the last best software for exploit kits to abuse," an F-Secure spokesperson told Fox News. "And in the time since, antivirus companies have been more and more successful in detecting malware attachments," the spokesperson said.

“We’ve reduced criminals to spam, one of the least effective methods of infection,” Sean Sullivan, F-Secure Security Advisor wrote in a blog post. “And honestly, I don’t see anything coming over the horizon that could lead to another gold rush so criminals are stuck with spam,” he said.