New trick by spammers: E-mails that overwhelm filters

By ABC News
September 16, 2009, 8:15 PM

Short-lived blasts of viral e-mail are sweeping across the Internet, posing an intensified risk to e-mail users.

Last week, an e-mail message purporting to come from the IRS began swamping e-mail systems across America.

It advised recipients to download a government form to resolve a question about under-reported income.

Downloading the form actually gave control of the PC to the attacker, who immediately began using it to send copies of the viral message to all of the recipient's contacts.

Within a few hours, security firms began to block hundreds of thousands of copies of the bogus IRS message per hour. As defenses stiffened, the spammers backed off.

By the end of the workday, the campaign had fizzled.

"The bad guys use this approach to beat slow-moving, reactive spam filters," says Cisco security researcher Henry Stern. "These hit-and-run bursts are so fast that the damage is done before word can get out."

Spam bursts invariably carry infections crafted to replenish networks of infected computers, called botnets, that supply the computing power for cybercrime.

Top botmasters direct tens of thousands of infected PCs at a time to steal data, sell unregulated drugs or fake anti-virus protection and hijack online financial accounts. And they continually start new botnets or replenish existing ones.

Hundreds of spam bursts have flashed across the Internet this year. Some have carried messages purporting to resolve UPS and FedEx shipping mistakes. Others referenced news articles and videos about Michael Jackson's death and the swine flu outbreak.

Security experts expect spam bursts to continue, keyed to sporting events and holidays.

"We're seeing nearly all of the larger botnets begin their campaigns in this fashion," says Fred Touchette, senior analyst at messaging security firm AppRiver.

Typically, a newly infected PC will instantly begin replicating the spam burst to other PCs. "This perpetuates the tactic and also gives the botmaster another machine to use for future burst attacks," says Sam Masiello, director of threat management for McAfee's MX Logic messaging security division.