Spammers use your cat's name to sell you Viagra

Spammers are using spyware to steal personal information -- such as a pet's name -- so they can send spam emails with personalised subject lines

Spammers have started using spyware to steal personal information so they can customise the subject lines of unsolicited emails to increase their chances of being read.

Research by email security firm MessageLabs has revealed that spammers are targeting companies and individuals with unsolicited messages that have subject lines containing names, familiar words or phrases that have been stolen from the victim's computer.

This is possible once a computer has been compromised with a piece of spyware that can track keystrokes or scan documents and send the information back to the spammer.

MessageLabs' senior anti-spam technologist Matt Sergeant said the spam target is more likely to open an email if the subject line contains information that is directly relevant to them or their job.

"The idea is that by using familiar words and phrases, such as passwords, a pet's name or a company name, users will be more likely to open the email," Sergeant said.

The volume of spam has increased dramatically over the past two years, so much so that some security companies say the majority of email traffic is now spam. The problem intensified with the emergence of viruses and Trojans that were designed to infect unprotected computers and turn them into spam-sending zombies.

As the spam problem grows, so does the anti-spam industry; as a result, the spammers have started colluding with malware writers to try and increase their hit rates, according to MessageLabs.

Sergeant said that the lines between different email security threats are becoming more and more blurred.

"We increasingly find that spammers, virus writers and hackers are combining their malware to create evermore sophisticated email security threats," said Sergeant.

Maxine Holt, senior research analyst at Butler Group, said the spyware problem is potentially very serious. She said there is no way for a company to completely protect itself without disrupting every day business activities, so they should combine technology with education and enforce a security policy to reduce their risk as much as possible.

"Companies need to ask themselves what level of risk they are willing to accept in order to conduct their day-to-day business. Security is not just at the perimeter," Holt said.