As the year winds down, it seems like a good time to take a look back at the past 12 months and review the hazards chucked into our inboxes by spammers sending us hostile code of one form or another. Not only does such a retrospective serve an illustrative, instructional purpose, but we get one last opportunity to mock them before the year ticks over to 2015.
It's been a strange, though still incredibly dangerous, year for spam-borne hazards. While most of the campaigns I've summarized below seem to broadly target random strangers over the Internet, several were clearly spear-phishing attempts at obtaining sensitive information from individuals (including myself, as recently as a week ago).
For the most part, there haven't been many notable differences in the payloads delivered via email (I've been referring to the most common payloads of malicious spam as "The Usual Suspects" for most of the past year), and almost no variation in the methods used to deliver those payloads.
Instead, the spammers seem to have spent most of their time building up a large cache of unexpectedly varied social engineering scams designed to convince the recipient that the email message originates from a legitimate source. But that doesn't mean there haven't been technological advances, as well.
Among the oddest social engineering tricks used in spam this year were fake "NYPD Homicide Suspect" bulletins and Pizza Hut "coupon" emails, but these ended up lumped in with the vast majority of equally dangerous, if not quite so bizarre, targeted spam campaigns that were more plausible.