Spam Drops; Malicious Attachments Hike

Monday, May 21, 2012 @ 04:05 PM gHale


While spam message volume is declining, the number of malicious attachments continues to ratchet upward, a new study said.

The number of malware-driven attachments in January this year rose four percent from the same period of last year, even as the overall number of spam messages sent dropped by more than 16 percent in the first quarter of 2012 from the last quarter of 2011, Bitdefender research showed. Of the 264.6 billion spam messages sent daily, 1.14 percent carry attachments — about 300 million of which are malicious.


After increasing in January, the growth of malicious attachments leveled off amid an apparent pause in spam campaigns even though spam continued to fall overall. Attachments may come in the form of phishing forms that trick users into typing in credit card credentials for scammers to use whenever they want. Or they may pack malware such as Trojans, worms and viruses that can cause trouble.

As this type of attachment has become a growing concern around the web, Bitdefender identified the malware that most often ends up in users’ inboxes.

MyDoom, a mass-mailing worm first discovered in 2008, continues to be among the most persistent pieces of malware to reach users’ inboxes. The worm sends itself to all email addresses found on the compromised system using a variety of senders, subject tags and body text samples.

The second most widely spread malicious attachment is a generic JavaScript downloader that arrives as obfuscated JavaScript inside an HTML attachment. When the user opens the attached HTML file, the obfuscated JavaScript executes and injects an iframe into the same HTML page it resides in. This iframe loads malicious content from third-party servers, which results in system compromise.
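The attachment behaviour described above, an HTML file whose inline script decodes itself at run time and writes markup into its own page, can be triaged statically before the file is ever opened. The following Python is an added example, not part of the Bitdefender research or the original article; the marker patterns, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Heuristic markers assumed for this example; they are not vendor signatures.
DECODERS = re.compile(r"\b(?:eval|unescape|atob)\s*\(|fromCharCode", re.I)
DOM_WRITE = re.compile(r"document\.write|innerHTML|createElement\s*\(\s*['\"]iframe", re.I)

class ScriptCollector(HTMLParser):  # gathers inline <script> bodies only
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)

def scan_html(html):
    """Return heuristic findings for the inline scripts of one HTML body."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    js = "".join(collector.scripts)
    checks = (("runtime-decoding", DECODERS), ("script-writes-markup", DOM_WRITE))
    return [label for label, rx in checks if rx.search(js)]

def scan_message(raw):
    """Map the filename of each HTML attachment in a raw message to its findings."""
    report = {}
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            report[name] = scan_html(body)
    return report

# Constructed sample message; the encoded string decodes to an inert paragraph.
SAMPLE = (
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b"\n\n'
    '--b\nContent-Type: text/plain\n\nSee attached invoice.\n'
    '--b\nContent-Type: text/html\nContent-Disposition: attachment; filename="invoice.html"\n\n'
    "<html><script>document.write(unescape('%3Cp%3Ehello%3C/p%3E'))</script></html>\n"
    '--b--\n')
```

An attachment that trips both markers is a candidate for quarantine or sandbox detonation; either marker alone is common in legitimate pages and should only raise a score.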

The third-ranked malicious attachment is Netsky — a mass mailer like MyDoom that, apart from sending itself to all email addresses found on the compromised system, also spreads via FTP, P2P or shared files. The crafty subject tags range from accusations and error messages to love declarations or money transactions, and include celebrity names to make them more appealing to the victim. If the user opens the attachment, the worm displays a message (made to look as though it comes from the locally installed AV solution) saying that no virus is on the system.

In fourth place is Mytob — a worm known to prevent users from connecting to the sites of a multitude of security vendors while opening a backdoor that gives remote intruders access. This leaves the system open to any sort of malicious exploitation.

The Bagle worm comes in fifth, as a mass mailer gathering addresses and sending itself to all email addresses it stumbles upon on the compromised system. It also downloads further addresses from an embedded list of online locations. To pass undetected it terminates processes mostly related to locally installed anti-virus solutions. It then downloads and executes files from numerous dubious websites.


