Significant rise in malicious spam and phishing

Posted by   Virus Bulletin on   Apr 11, 2012

Over one quarter of malicious emails contain eight-year-old malware.

Email security firm eleven has reported a significant rise in both malicious emails and phishing emails in the first quarter of 2012.

In its latest quarterly report, the company says that while spam levels stayed more or less constant, the volume of emails with malware attached to it increased by over 80%. The volume of phishing emails increased by more than double that rate.

With about one quarter of spam advertising (fake) pharmaceutical products, pharma spam continues to be the most prevalent. The company also noticed a significant rise in casino spam in recent months, which now accounts for close to one fifth of all spam. The third most common subject in spam messages was fake luxury goods.

Given its notorious reputation and the many variants that exist, it will come as little surprise that Zeus (also known as 'Zbot') was the malware family that was most likely to be attached to emails; two Zeus campaigns alone accounted for more than one third of all malicious spam. More surprising was the fact that more than one in four malicious emails contained a variant of the 'MyDoom' worm: MyDoom was first seen in January 2004 and should thus be detected by any anti-virus product - even those that have not been updated for a long time.

For a long time it had been believed that malicious spam was a thing of the past and that spam filters and anti-virus products together made email a less attractive method for cybercriminals to spread malware. However, the volume of malicious emails saw a sudden spike in August 2011, and this trend has continued, with spammers using various credible-sounding subjects to trick the recipients into opening the attachments. On a much smaller scale, the use of malware attachments in targeted attacks also continues to be a problem.

More at eleven's website here (in German).

Posted on 11 April 2012 by Virus Bulletin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.