Major email infection campaign under way over the last month says Commtouch

According to the Israel-headquartered IT security vendor, even though spam levels are stable, the surge in the number of infected emails suggests that someone, somewhere is trying hard – and that someone is a cybercriminal or organisation.

“And since the 8th of August they have been trying hard to infect millions of computers worldwide. The purpose of this vast computing force is still not clear,” says the firm.

The attacks of the last month, adds the company, have made extensive use of malware attached to emails, pushing the volume of infected messages to abnormally high levels. Whereas pre-outbreak levels varied between a few hundred million and around 2 billion infected emails per day, since August 8 they have peaked at almost 25 billion in a single day.

Analysing the infected emails, Commtouch says the campaign mixes new and old lures, such as the UPS/FedEx delivery notice, the 'map of love' and the 'hotel charge error'.

The UPS/FedEx lure is certainly not a new tactic, says the security vendor, but it is clearly still effective. Recipients receive a notification that a package is due to arrive or has been held up, with more details promised in 'the attached notice'.

The 'map of love', meanwhile, promises juicy information about global sites of interest in an attached map that carries a PDF icon but is actually an executable file.

Last, but not least, the new 'hotel charge error' email advises recipients about an erroneous hotel bill. The attachment's filename contains a special Unicode control character (a right-to-left override) that reverses the display direction of the last 6 letters of the name, so an 'exe' file is shown as a 'doc' that supposedly contains details of the incorrect charges.
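Both disguises described above, an executable carrying a document icon and a right-to-left override that reverses the tail of a filename, can be caught at the mail gateway by comparing what the recipient sees with what the operating system will actually run. The Python below is an added example, not Commtouch's code or analysis tooling: the filenames and byte strings are constructed for illustration, and the rendering it assumes (everything after U+202E shown reversed until U+202C or the end of the name) is a simplification of the Unicode bidi algorithm that holds for plain ASCII filenames.

```python
# Added example, not Commtouch's code: flag attachments whose displayed name or
# content disagrees with the extension the OS will actually use. All sample
# filenames and byte strings below are constructed.
import unicodedata

# Bidi classes of the control characters that can re-order how a name is shown
# without changing the bytes the OS uses to pick a handler.
BIDI_CONTROL_CLASSES = {"LRE", "RLE", "PDF", "LRO", "RLO", "LRI", "RLI", "FSI", "PDI"}

# Extensions Windows will execute directly when the attachment is opened.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "jar"}

# Magic bytes for the formats the lures claim to be, and for PE executables.
MAGIC = {
    "exe": b"MZ",
    "pdf": b"%PDF",
    "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound document
    "docx": b"PK\x03\x04",                         # OOXML zip container
}


def is_bidi_control(ch):
    return unicodedata.bidirectional(ch) in BIDI_CONTROL_CLASSES


def actual_extension(filename):
    """Extension the OS really uses: text after the last dot, bidi controls stripped."""
    cleaned = "".join(ch for ch in filename if not is_bidi_control(ch))
    return cleaned.rsplit(".", 1)[1].lower() if "." in cleaned else ""


def displayed_name(filename):
    """Approximate mail-client rendering: characters after a RIGHT-TO-LEFT
    OVERRIDE (U+202E) are shown reversed until POP DIRECTIONAL FORMATTING
    (U+202C) or end of string; other bidi controls are invisible and dropped.
    Simplified bidi handling, accurate for plain ASCII filenames (assumption)."""
    out, i = [], 0
    while i < len(filename):
        ch = filename[i]
        if ch == "\u202e":
            run, j = [], i + 1
            while j < len(filename) and filename[j] != "\u202c":
                if not is_bidi_control(filename[j]):
                    run.append(filename[j])
                j += 1
            out.extend(reversed(run))
            i = j + 1  # skip the U+202C terminator if there was one
        elif is_bidi_control(ch):
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def sniff_format(data):
    """Return the format whose magic bytes the content starts with, or ''."""
    for fmt, magic in MAGIC.items():
        if data.startswith(magic):
            return fmt
    return ""


def analyse_attachment(filename, data=b""):
    """Compare what the recipient sees with what will actually run."""
    shown = displayed_name(filename)
    shown_ext = shown.rsplit(".", 1)[1].lower() if "." in shown else ""
    real_ext = actual_extension(filename)
    controls = [unicodedata.name(ch) for ch in filename if is_bidi_control(ch)]
    content = sniff_format(data)

    reasons = []
    if controls:
        reasons.append("bidi control characters in filename: " + ", ".join(controls))
    if shown_ext != real_ext:
        reasons.append(f"displayed extension '{shown_ext}' but actual extension '{real_ext}'")
    if real_ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension '{real_ext}'")
    if content and content != real_ext:
        reasons.append(f"content looks like '{content}' but extension is '{real_ext}'")
    return {"displayed": shown, "actual_extension": real_ext,
            "content": content, "reasons": reasons, "suspicious": bool(reasons)}


if __name__ == "__main__":
    SAMPLES = [  # constructed attachments, not real campaign artefacts
        ("hotel_charges_\u202ecod.exe", b"MZ\x90\x00"),   # shows as hotel_charges_exe.doc
        ("map_of_love.pdf.exe", b"MZ\x90\x00"),           # PE with a PDF-looking name
        ("report.doc", b"MZ\x90\x00"),                     # PE content behind .doc
        ("invoice_1234.pdf", b"%PDF-1.4"),                 # benign
    ]
    for name, blob in SAMPLES:
        result = analyse_attachment(name, blob)
        print(f"{result['displayed']!r}: suspicious={result['suspicious']} {result['reasons']}")
```

The check deliberately works on the raw filename from the MIME header rather than on whatever the client renders, since the override characters survive the transport unchanged; stripping them before computing the extension is what exposes the real 'exe'. The magic-byte check is a cheap complement for the icon trick, where the name itself is honest but the bytes are a PE image.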

Commtouch says that, although the emails are unwanted and unsolicited, it does not classify them as spam, because of the attached malware files. This is, adds the firm, an important distinction, since it allows its researchers to differentiate between malware distribution and spam distribution, which is generally focused on product marketing.

So what is the aim of this surge in infections?

The firm says that, in the past, large malware outbreaks have resulted in the expansion of botnets which have then been used to send large volumes of spam, but this does not seem to be the case now.

“Spam levels have been at their lowest in years following the Rustock botnet takedown in March. The malware outbreaks of the last month do not appear to have had any effect on these levels”, notes Commtouch in an advisory due to be sent out early next week.

Commtouch says it is continuing its investigations, but speculates that the surge in malware attachments may be intended to stage DDoS attacks, steal banking credentials or harvest social networking site IDs and passwords.
