Spammers are using a new hit-and-run technique to get past filters. Instead of prolonged attacks, they are using brief floods of spam to get malicious messages past filters and blacklists. The latest campaign to use this technique was a message that claimed to be from the IRS, informing recipients that there may be a problem with under-reported income. The included link directs them to a site where they can supposedly download a “government form”. Instead, it downloads malware that adds the recipient’s computer to a botnet and sends the same spam to everyone in their address book.
The spam flooded email systems for just a day. Several hundred thousand messages were sent. As soon as security experts detected it and it was added to blacklists and filters, the attack stopped.
“The bad guys use this approach to beat slow-moving, reactive spam filters,” says Cisco security researcher Henry Stern. “These hit-and-run bursts are so fast that the damage is done before word can get out.”
More spam bursts are expected, and indeed one exploiting the recent death of popular actor Patrick Swayze is already out there. Swayze died of cancer on Monday, and within 48 hours there was a new spam campaign offering links to his funeral. Those links led to malicious sites that pushed rogue anti-virus programs or downloaded Trojans and keyloggers to visitors' computers. In a related attack, malicious links have also turned up in search engine results thanks to black hat SEO.


