Snowshoe spam has a "small footprint" — it is sent is small, semi-targeted batches intended to sit below the trigger threshold for cloud-email spam filters, which treat floods of identical (or near-identical) messages as a solid indicator of spam.
Researchers at Talos, a division of Cisco, coined the term to refer to some French spam they caught trying to steal passwords from French Itunes users. Rather than going out in batches of tens of thousands or millions, this email went out in a trickle of 5,000 messages targeted to French users alone. Another run on Italian users comprised just 169 messages. Talos's Craig Williams says that snowshoe messages account for 15% of all global spam and have doubled in number in the past two years.
Snowshoe attacks continue to cause "severe" problems for spam filters, Cisco said. It's one of many vexing problems for the industry. Global spending on cyber-security technology is projected to surpass a record $83.6 billion in 2015, according to an estimate by researcher Gartner.
A separate attack, also in October, involved 169 e-mails targeting Italian PayPal users, Agari said. The messages came from a data-hosting company in France that hadn't been included on major blacklists before the attack. These e-mails, like most effective spam, didn't include attachments, which can be quickly scanned and flagged as malicious. Because Web links take longer to crawl, many filters don't bother.
E-Mail Spam Goes Artisanal
(Image: Snowshoe (PSF), public domain)