Google Calendar used to deliver spam

March 28, 2008

According to Trend Micro, the Google Calendar tool is being used by spammers to get round spam filters, which is the first time they have seen such a mechanism being used.

Trend Micro have been tracking spam in all its different forms over the last 12 months, and have discovered this new method for delivering spam only recently.

Google Calendar meeting invitations differ from the average email in that the header contains specialised information which enables the message to update automatically and to cross reference itself with the rest of the system. The spammers use this fact to attach extra links to the invitation header and email the spam laden meeting invitations via the calendar.

The invitations can be personalised so that each victim receives a different link, and in order to attract the recipients attention even more, they can send out regular meeting reminders.

Normal spam filters can detect and block spam delvered via email attachment or image, but are not set up to protect against this new method of attack.

Jamz Yaneza, research project manager at Trend Micro, said ‘We will most likely see this delivery method used for other types of spam, such as pump-and-dump, links to web threats, etc.’

He continued, ‘It is likely that, on the back of this first attack, we can expect to see tools like Google Calendar further abused to contain malicious links and to steal sensitive information’.

Trend Micro is urging companies and individual users to be especially careful when they get meeting invitations or any form of unexpected mail.


Post a comment

Your email address will not be published. Required fields are marked *

Visited 1246 times, 1 so far today