One in ten spam messages contains drive-by download link

Posted by   Virus Bulletin on   Oct 24, 2012

80-fold increase in one month.

I do not think I am unique in that I can recognize (most) phishing pages from a mile away and that I know that, if I ever wanted to buy performance-enhancing drugs of any kind, I should not buy them through a link found in a spam message. However, that doesn't mean I can safely click on URLs in emails to see whether they link to something legitimate.

As someone who keeps a close eye on spam trends, I had noticed a recent increase in spam messages linking to drive-by download sites: websites that attempt to infect your machine, generally by exploiting a vulnerability in an outdated browser plug-in. Still, I was a little shocked when anti-spam firm Eleven reported that, in September, almost one in ten spam messages contained a malicious URL - an 80-fold increase since August.

Various reports have suggested that there isn't a lot of money to be made in commercial spam these days. The numbers reported by Eleven indicate that spammers are adapting quickly and, probably by using affiliate pay-per-install schemes, are finding other ways of making money through their vast delivery networks.

Most of the emails claim to come from well-known brands such as Amazon or LinkedIn - companies from which many users commonly receive emails. And an even more worrying trend is that of malicious spam sent from compromised accounts to the contacts in the victim's address book: who would think twice before clicking a link sent to them by a good friend?

Running a spam filter remains essential to keep most of these threats at bay. But for those emails that do make it through the filter, running (web) security software and applying security software patches whenever they become available is just as important.

More (in German) at Eleven's security blog here.

Posted on 24 October 2012 by Martijn Grooten

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.