

Malicious Email Level Hits a 5-Year High

05 February 2014

Malware-laden emails have hit a five-year high, and they’re not all payday loan offers and dubious monetary offers from Nigeria, either. In January, a spike in virus-carrying messages, between the 7th and 10th of the month, pushed the total malicious message count to the highest monthly total since the third quarter of 2008.

That particular malware spike took the form of a simple text email that masqueraded as a variety of mundane messages – from bank notices to invoices and even payroll forms, according to AppRiver. And it was prodigious: traffic during the four days of activity was roughly 40 times the annual daily average, nearing 60 million messages per day. “Normal” levels hover between 5 and 10 million messages per day globally.

“However, the attachment was far from innocent. It contained a relatively simple Trojan downloader, that having infected the target machine, would then draw down further payloads to the compromised machine,” explained Fred Touchette, AppRiver’s senior security analyst, in an emailed statement. “In most of these cases Zeus activity was noticed after the initial infection.”

Zeus is a well-known and widely deployed banking trojan capable of stealing credit card numbers, PINs, passwords and browsing information, logging keystrokes, and grabbing various other account information such as POP and FTP credentials.

AppRiver’s monitoring system also detected that many of the botnets involved in sending out the spam were suspected to be new sources. Touchette added, “It’s not clear whether these bots were recruited from brand-new infections, or possibly existing botnets that have been dormant for a while before becoming active again for this latest onslaught.”

As for protection, users should take a layered security approach and make sure firewalls and anti-virus software are not just in use but updated to identify the latest threats. They should also consider an email filtering service.

“Definitely don’t make it easy for the criminals - make sure systems aren’t left vulnerable by applying software patches, especially for the malware authors’ favorites such as Java, Adobe products and popular operating systems,” Touchette counseled. “There’s always risk involved - whether the malicious traffic levels are high or subdued. It only takes one successful malware attack to ruin a victim’s day, year, or even longer.”



