Email campaigns trying to spread the virulent Zeus trojan malware have increased in particular over the last month, according to Joe Stewart, a researcher in SecureWorks' Counter Threat Unit. The recent campaign designed to capitalize on fears around the H1N1 virus by spoofing emails from the Center for Disease Control is one good example of a malware distribution ruse, the company added.
"Several of these email scams are not only sent out en masse but have been very targeted, appearing to come from a personal organization the recipient knows or involving a subject they are familiar with", said SecureWorks.
As we swing into the holiday season, SecureWorks said that email-based malware campaigns targeting shoppers are more likely to increase. It expects to see a variety of malware scams covering fake holiday gift cards, coupons, electronic greeting cards, and other retail entities.
SecureWorks has published a range of security tips designed to protect online shoppers from malware in the run up to the holidays. This includes looking for the HTTPS preference on websites, indicating SSL protection, and being wary of unsolicited emails. That said, the recent discovery of a fundamental design flaw in the SSL protocol by two factor authentication company PhoneFactor brings such a device into question - SSL apparently no longer seems to guarantee security online.
Shoppers should also use a credit card that limits their liability, SecureWorks said. "Avoid using debit cards to do online purchases when possible so as to limit your personal exposure to any possible fraudulent transactions", the company concluded.
Concerns over the security of online shopping or becoming more important as e-commerce purchases grow during the holiday season. Analytics firm ComScore said this week that spending on cyber Monday (the first Monday after Thanksgiving) was up 5% compared to a year ago.