Holidays such as St. Valentine’s Day, Thanksgiving, Halloween and Christmas are occasions that receive a great deal of attention from spammers. Newsworthy events, including celebrity deaths and natural disasters as well as major sporting activities are also popular themes, and the FIFA World Cup is no exception, the report noted.

While spammers often re-send the same spam emails, they include the latest news headlines either in the subject line or somewhere in the body to catch attention of the recipient and increase the likelihood of the message being opened.

Taking advantage of the FIFA event, spammers are using soccer-themed keywords to hawk pharmaceutical products or counterfeit watches and jewelry with subject lines such as “20-hour wait in World Cup ticket line” and “Inter Milan win Italian Cup.” The body of the email will often contain poorly worded sentences crafted to lure the recipient to click the embedded links.

There are times when spammers spend more time on their campaigns and send out emails that are more individualized but with a touch of 419 scams. A recipient may receive an email saying, “Your email address has been selected as one of the winners of the Nelson Mandela Foundation/Fifa 2010 World Cup Lottery Draw. Kindly review the attached letter for instructions on how you will claim your prize.”

This method of composing somewhat personal messages is much more difficult, so spammers usually go for the simpler, highly automated, “insert subject here,” “or add some text here” approaches. For spammers, it is an easy task to create automated scripts to insert relevant keywords and include them in their latest spam campaigns. However, because 419-style spam is done manually, it can often be the most difficult to recognize as it is designed to trick, scam, steal, infect and deceive, Symantec warned.

The latest version of S 773, the Senate Commerce, Science and Transportation Committee’s cyber security legislation, is expected to be approved by the Committee on Wednesday. The Internet Security Alliance (ISA) has announced its support for the new version of the bill, which removed the previously controversial “kill switch” for the Internet as well as cutting out the federally-mandated cyber standards for the private sector.

In a letter to the Committee, Larry Clinton, President of ISA, wrote “The approach reflected in the current draft is a vast improvement over the government centric, regulatory-mandate framework reflected in the initial version.”

If passed by the Committee, this will be the first cybersecurity bill to be approved by a Congressional Committee.The new version of the bill also removes the plan to announce publicly which sections of the critical infrastructure were most vulnerable to cyber attack.

“The Internet Security Alliance wishes to express its gratitude to Senators Rockefeller and Snowe for calling attention to the severe and growing cyber security problems our nation faces by introducing S 773,” Clinton wrote. “ISA also wishes to commend Committee staff for their exhaustive efforts over the past year or more to bring the draft Cybersecurity Act of 2010 to where it is today.”

Despite its support, ISA also believes there are still areas for improvement with the bill. ISA believes that the current bill’s proscription for an audit of private sector security in some sectors of the critical infrastructure would prove ineffective. It “undermines cybersecurity by draining resources that could otherwise be put towards substantive security activities,” Clinton wrote.

He continued “The current draft of S 773 exacerbates this problem by piling additional audit requirements on elements of the private sector without any promise that the audits will result in any improvements in security, or even that we will have the massive number of qualified auditors to conduct these redundant examinations.”

The letter also called on the bill to be altered to more effectively address incentive programs.

“ISA believes much more ought to be done to stimulate the cyber insurance industry to transfer the current massive financial risk the American taxpayer faces from the prospect of a major cyber event,” Clinton wrote. “Greater use of cyber insurance can also motivate adoption of improved security practices by private enterprise and provide a private sector funded mechanism to monitor adoption of adequate cyber security procedures throughout the business community.”

Melissa Hathaway

Additionally, the letter called for the inclusion of the tax incentives and liability reforms advanced in the 60 Day Cyberspace Policy Review written by Melissa Hathaway. However, the letter recognizes that the way Congress is designed, several of their recommendations could not be included by the current Committee.

The final area of concern for ISA is the “breadth of enterprises that the current bill will bring under its umbrella.”