Significant rise in malicious spam and phishing

Posted by   Virus Bulletin on   Apr 11, 2012

Over one quarter of malicious emails contain eight-year-old malware.

Email security firm eleven has reported a significant rise in both malicious emails and phishing emails in the first quarter of 2012.

In its latest quarterly report, the company says that while spam levels stayed more or less constant, the volume of emails with malware attached to it increased by over 80%. The volume of phishing emails increased by more than double that rate.

With about one quarter of spam advertising (fake) pharmaceutical products, pharma spam continues to be the most prevalent. The company also noticed a significant rise in casino spam in recent months, which now accounts for close to one fifth of all spam. The third most common subject in spam messages was fake luxury goods.

Given its notorious reputation and the many variants that exist, it will come as little surprise that Zeus (also known as 'Zbot') was the malware family that was most likely to be attached to emails; two Zeus campaigns alone accounted for more than one third of all malicious spam. More surprising was the fact that more than one in four malicious emails contained a variant of the 'MyDoom' worm: MyDoom was first seen in January 2004 and should thus be detected by any anti-virus product - even those that have not been updated for a long time.

For a long time it had been believed that malicious spam was a thing of the past and that spam filters and anti-virus products together made email a less attractive method for cybercriminals to spread malware. However, the volume of malicious emails saw a sudden spike in August 2011, and this trend has continued, with spammers using various credible-sounding subjects to trick the recipients into opening the attachments. On a much smaller scale, the use of malware attachments in targeted attacks also continues to be a problem.

More at eleven's website here (in German).

Posted on 11 April 2012 by Virus Bulletin



Latest posts:

VB2019 paper: Fantastic Information and Where to Find it: A guidebook to open-source OT reconnaissance

A VB2019 paper by FireEye researcher Daniel Kapellmann Zafra explained how open source intelligence (OSINT) can be used to learn crucial details of the inner workings of many a system. Today we publish Daniel's paper and the recording of his…

VB2019 paper: Different ways to cook a crab: GandCrab Ransomware-as-a-Service (RaaS) analysed in depth

Though active for not much longer than a year, GandCrab had been one of the most successful ransomware operations. In a paper presented at VB2019 in London, McAfee researchers John Fokker and Alexandre Mundo looked at the malware code, its evolution…

VB2019 paper: Domestic Kitten: an Iranian surveillance program

At VB2019 in London, Check Point researchers Aseel Kayal and Lotem Finkelstein presented a paper detailing an Iranian operation they named 'Domestic Kitten' that used Android apps for targeted surveillance. Today we publish their paper and the video…

VB2019 video: Discretion in APT: recent APT attack on crypto exchange employees

At VB2019 in London, LINE's HeungSoo Kang explained how cryptocurrency exchanges had been attacked using Firefox zero-days. Today, we publish the video of his presentation.

VB2019 paper: DNS on fire

In a paper presented at VB2019, Cisco Talos researchers Warren Mercer and Paul Rascagneres looked at two recent attacks against DNS infrastructure: DNSpionage and Sea Turtle. Today we publish their paper and the recording of their presentation.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.