Spam messages have always been a major driving force in the spread of malware almost as long as email has been around. Scammers, according to an AppRiver study, are now practicing methods to hide their mischievous activities behind blizzards of spam in a technique called Distributed Spam Distraction (DSD).
AppRiver, an email and web security expert corporation, revealed in this year's Mid-Year Threat Report that scammers rolled out a new method for distributing spam messages specifically by flooding inboxes with a plethora of messages. In some instances, as examined by AppRiver, as many as 60,000 messages are distributed within a period of 24 hours. The purpose of such an assault is to prevent the victim from reading legitimate email messages providing they are inundated with thousands of spam messages.
One aspect of the majority of the spam message flooding inboxes in what AppRiver refers to as a Spam Blizzard do not contain malware or malicious links. This is done, so the emails actually pass through the inbox and not stopped by any detection entities.
Within the AppRiver report it states "In order to hide account transaction information confirmation emails, such as purchase receipts or balance transfers which now arrive instantly via email, the attackers, just before they make the illegal transactions, turn on this deluge of spam email in order for these very important emails to get lost in the flood."
For email recipients of the spam blizzards to block such messages they will need to block them based on content. This method is very difficult to do, which in essence, will ultimately allow the spam to continue to overwhelm users.
The conclusive objective of spam blizzards is to prevent users from checking legitimate email message. As far as the spread of malware, it has not been discovered to spread major variants of identifiable malware at this time. However, such a technique could be utilized to spread aggressive malware attached to spam messages or even aimed at smartphones running the Android operating system to find additional security holes.