Cisco Threat Research Blog
Threat intelligence for Cisco Products
We detect, analyze, and protect customers from both known and unknown emerging threats
Snowshoe Spam Attack Comes and Goes in a Flurry
This post is co-authored by Jaeson Schultz and Craig Williams.
Every so often, we observe certain spam campaigns that catch our interest. On August 15, we observed a particular spam campaign that caught our attention because it was using “snowshoe” spam techniques combined with PDF exploitation. While neither of these techniques are new, we have seen a growing trend involving snowshoe spam and we wanted to explain why the bad guys seem to be moving in that direction with a real world example. As you can see from the chart below, we’ve seen the amount of snowshoe spam double since November of 2013.
Snowshoe spam can be a challenge for some anti-spam detection techniques because it typically uses multiple IP addresses with very low spam volume per IP address. Depending on how an anti-spam technology works, this can cause severe problems with detection. Typically technologies that use multiple defensive layers of protection, like Cisco’s ESA, are much more successful at combating snowshoe spam. We’ve previously discussed these tactics in a previous blog post.
CONNECT WITH CISCO
LET US HELP
Call us: 1.800.553.6387 - Ext 118
US/Can | 5am-5pm Pacific Other Countries