Malicious spam back on the increase, reports M86 researcher

"Our stats show the bot herders are gearing up again with the proportion of spam with malware attachments rising, although still not as high as the peaks we saw mid last year when the Bredolab and Cutwail botnets were in full swing", he says in his latest security blog.

Mendrez reports that, after bot herders took a brief Easter break, they are back to sending new waves of malicious spam.

The first spam campaign was sent by the Cutwail botnet last week, and analysis indicates that the message purports to be an invoice from Bobijou, the online jeweller.

There is, he notes, a chance that people might fall into this trap, especially as the message claims that money was charged to the recipient's credit card, but a closer look at the subject line – successful order 3677718 – shows that the bad spelling gives the game away.

Another malicious spam campaign originating from the Donbot botnet that came in late last week, he adds, uses a common and less-than-creative theme with a sexual subject line.

The M86 security researcher says that the Donbot botnet's spam output is on the rise, and that this is the first time his team has seen it spreading malicious attachments.

"Both spam campaigns contain a zipped attachment which, once extracted, contains an executable file that downloads – surprise, surprise – fake antivirus", he says.
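Both campaigns share one delivery pattern: a zip attachment wrapping an executable that acts as a downloader. The following script is an added example, not code from M86 or from the article, showing how a mail gateway or incident responder could flag that pattern before a user ever extracts the archive. It builds a constructed sample message in the style of the Bobijou invoice lure, parses it with Python's standard `email` and `zipfile` modules, and reports zip members that carry an executable extension or the `MZ` header of a Windows PE file; the extension list and the sample addresses are assumptions made for the example.

```python
"""Flag e-mail attachments that match the 'zipped executable downloader' lure."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows will run directly; this list is an assumption for the example.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
PE_MAGIC = b"MZ"  # first two bytes of a Windows DOS/PE executable


def inspect_zip(data: bytes) -> list:
    """Return (member_name, reason) pairs for suspicious members of a zip blob."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid zip")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lowered = name.lower()
            ext = "." + lowered.rsplit(".", 1)[-1] if "." in lowered else ""
            # Read only the first two bytes; the member is never fully unpacked.
            with archive.open(info) as member:
                head = member.read(2)
            if ext in EXECUTABLE_EXTENSIONS:
                findings.append((name, f"executable extension {ext}"))
            elif head == PE_MAGIC:
                findings.append((name, "PE magic bytes with non-executable extension"))
    return findings


def scan_message(raw: bytes) -> list:
    """Parse a raw RFC 822 message and return findings for every zip attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        # Check the declared name and the zip signature, so a renamed zip is not missed.
        if filename.lower().endswith(".zip") or payload[:2] == b"PK":
            for member, reason in inspect_zip(payload):
                results.append((filename, member, reason))
    return results


def build_sample_message() -> bytes:
    """Constructed sample: an 'invoice' lure carrying a zip with a fake PE inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        # Constructed payload: just the PE header bytes, not a real program.
        z.writestr("invoice_3677718.exe", b"MZ" + b"\x00" * 62)
        z.writestr("readme.txt", b"Thank you for your order.")
    msg = EmailMessage()
    msg["From"] = "orders@example.invalid"      # assumed sample address
    msg["To"] = "recipient@example.invalid"     # assumed sample address
    msg["Subject"] = "successful order 3677718"
    msg.set_content("Your credit card has been charged. See the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, member, reason in scan_message(build_sample_message()):
        print(f"{attachment}: {member} -> {reason}")
```

Checking the `MZ` header as well as the extension matters because the lure only needs the recipient to double-click: a member named to look like a document but carrying a PE header is still an executable once Windows inspects it, and a quarantine rule based on this check stops the downloader before the fake antivirus stage can begin.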

As if all of this were not enough, Mendrez says that last week he and his team saw more output from the Asprox botnet's 'spam from your Facebook account' campaign, which preys on people's fears about the security of their Facebook accounts.

This campaign, he notes, first appeared last year, illustrating that the bot herders behind Asprox cycle their spam lures through UPS, DHL, FedEx and iTunes gift certificate themes, among others.

The attachment, he goes on to say, is a trojan that installs the Asprox bot executable on the infected host, which is then used for sending spam.

"We have blogged about these types of threats many times before. In a sense, it's the same old stuff with slightly different social engineering. Be wary", he says.
