Malspam is different spam
Malspam’ (an umbrella term for spam campaigns that deliver malware or send users to phishing sites) has long been the prominent way for individuals and organisations to get themselves infected. These campaigns are opportunistic (i.e. non targeted), which distinguishes them from very targeted spear-phishing campaigns. Yet these malspam campaigns also differ in a number of fundamental ways from ordinary spam, which positively affects their effectiveness and negatively affects our ability to analyse them. In this talk, I will explain how most malspam campaigns differ from ordinary spam, based on years of studying the email part of such campaigns in our lab. I will discuss how this makes them a lot better at bypassing email filters and how this affects their visibility.