Significant rise in malicious spam and phishing

Posted by Virus Bulletin on Apr 11, 2012

Over one quarter of malicious emails contain eight-year-old malware.

Email security firm eleven has reported a significant rise in both malicious emails and phishing emails in the first quarter of 2012.

In its latest quarterly report, the company says that while spam levels stayed more or less constant, the volume of emails with malware attached to them increased by over 80%. The volume of phishing emails increased by more than double that rate.

With about one quarter of spam advertising (fake) pharmaceutical products, pharma spam continues to be the most prevalent. The company also noticed a significant rise in casino spam in recent months, which now accounts for close to one fifth of all spam. The third most common subject in spam messages was fake luxury goods.

Given its notorious reputation and the many variants that exist, it will come as little surprise that Zeus (also known as 'Zbot') was the malware family that was most likely to be attached to emails; two Zeus campaigns alone accounted for more than one third of all malicious spam. More surprising was the fact that more than one in four malicious emails contained a variant of the 'MyDoom' worm: MyDoom was first seen in January 2004 and should thus be detected by any anti-virus product - even one that has not been updated for a long time.

For a long time it had been believed that malicious spam was a thing of the past and that spam filters and anti-virus products together made email a less attractive method for cybercriminals to spread malware. However, the volume of malicious emails saw a sudden spike in August 2011, and this trend has continued, with spammers using various credible-sounding subjects to trick the recipients into opening the attachments. On a much smaller scale, the use of malware attachments in targeted attacks also continues to be a problem.

More at eleven's website here (in German).
