That particular malware spike took the form of a simple text email that masqueraded as a variety of different mundane messages – from bank notices, invoices and even payroll forms, according to AppRiver. And it was prodigious: traffic during the four days’ activity was roughly 40 times the annual daily average, nearing 60 million messages per day. “Normal” levels hover between 5 and 10 million messages per day globally.
“However, the attachment was far from innocent. It contained a relatively simple Trojan downloader that, having infected the target machine, would then draw down further payloads to the compromised machine,” explained Fred Touchette, AppRiver’s senior security analyst, in an emailed statement. “In most of these cases Zeus activity was noticed after the initial infection.”
Zeus is a well-known and widely deployed banking trojan capable of stealing credit card numbers, PINs and passwords, logging keystrokes, capturing browsing information and grabbing various other account credentials such as POP and FTP logins.
AppRiver’s monitoring system also detected that many of the botnets involved in sending out the spam were suspected to be new sources. Touchette added, “It’s not clear whether these bots were recruited from brand-new infections, or possibly existing botnets that have been dormant for a while before becoming active again for this latest onslaught.”
As for protection, users should take a layered security approach and make sure firewalls and anti-virus software are not just used but updated to identify the latest threats. They should also consider an email filtering service.
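As an added example, not code from the article or from AppRiver, the following Python check shows the kind of attachment-filtering layer this advice points to: it parses a message and holds it when an attachment carries an executable or double extension (the "invoice.pdf.exe" disguise), or an archive whose name echoes one of the lures described above, and notes when the subject line uses the same lure wording. The extension lists, lure words and both sample messages are constructed here and are assumptions, not data from the campaign.

```python
from email import policy
from email.parser import BytesParser
from typing import List, Optional

# Constructed lists: extensions a gateway should treat as executable content,
# archive types that often wrap a downloader, and words the lures used.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar"}
ARCHIVE_EXTENSIONS = {"zip", "rar", "7z"}
LURE_WORDS = ("invoice", "payroll", "bank", "statement", "notice")


def classify_attachment(filename: str) -> Optional[str]:
    """Return a short reason to hold the message if the attachment name is risky, else None."""
    name = filename.lower().strip()
    parts = name.split(".")
    if len(parts) < 2:
        return None
    ext = parts[-1]
    if ext in EXECUTABLE_EXTENSIONS:
        # "payroll_form.pdf.exe": a document-looking name with an executable suffix.
        if len(parts) > 2:
            return f"executable with double extension ({name})"
        return f"executable attachment ({name})"
    if ext in ARCHIVE_EXTENSIONS and any(word in name for word in LURE_WORDS):
        return f"archive named like a lure ({name})"
    return None


def scan_message(raw: bytes) -> List[str]:
    """Parse one RFC 5322 message and list the reasons (if any) to hold it for review."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    subject = (msg["subject"] or "").lower()
    reasons = []
    for part in msg.iter_attachments():  # skips the plain-text body parts
        reason = classify_attachment(part.get_filename() or "")
        if reason:
            if any(word in subject for word in LURE_WORDS):
                reason += "; subject uses lure wording"
            reasons.append(reason)
    return reasons


# Constructed sample: a lure dressed up as a payroll form with a disguised executable.
SAMPLE_LURE = b"""From: payroll@example.invalid
To: staff@example.invalid
Subject: Payroll form for this month
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached payroll form.
--b1
Content-Type: application/octet-stream; name="payroll_form.pdf.exe"
Content-Disposition: attachment; filename="payroll_form.pdf.exe"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""

# Constructed sample: an ordinary invoice with a real PDF attachment, which should pass.
SAMPLE_BENIGN = b"""From: vendor@example.invalid
To: ap@example.invalid
Subject: Invoice 1042
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Invoice attached.
--b2
Content-Type: application/pdf; name="invoice-1042.pdf"
Content-Disposition: attachment; filename="invoice-1042.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b2--
"""

if __name__ == "__main__":
    for label, sample in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, "->", scan_message(sample) or "deliver")
```

A filename check like this is deliberately the cheapest layer; it catches the disguise the campaign relied on (a mundane-looking attachment that is really a downloader) and should sit in front of, not instead of, signature and sandbox scanning of the attachment contents.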
“Definitely don’t make it easy for the criminals - make sure systems aren’t left vulnerable by applying software patches, especially for the malware authors’ favorites such as Java, Adobe products and popular operating systems,” Touchette counseled. “There’s always risk involved - whether the malicious traffic levels are high or subdued. It only takes one successful malware attack to ruin a victim’s day, year, or even longer.”