One in ten spam messages contains drive-by download link

Posted by   Virus Bulletin on   Oct 24, 2012

80-fold increase in one month.

I do not think I am unique in that I can recognize (most) phishing pages from a mile away and that I know that, if I ever wanted to buy performance-enhancing drugs of any kind, I should not buy them through a link found in a spam message. However, that doesn't mean I can safely click on URLs in emails to see whether they link to something legitimate.

As someone who keeps a close eye on spam trends, I had noticed a recent increase in spam messages linking to drive-by download sites: websites that attempt to infect your machine, generally by exploiting a vulnerability in an outdated browser plug-in. Still, I was a little shocked when anti-spam firm Eleven reported that, in September, almost one in ten spam messages contained a malicious URL - an 80-fold increase since August.

Various reports have suggested that there isn't a lot of money to be made in commercial spam these days. The numbers reported by Eleven indicate that spammers are adapting quickly and, probably by using affiliate pay-per-install schemes, are finding other ways of making money through their vast delivery networks.

Most of the emails claim to come from well-known brands such as Amazon or LinkedIn - companies from which many users commonly receive emails. And an even more worrying trend is that of malicious spam sent from compromised accounts to the contacts in the victim's address book: who would think twice before clicking a link sent to them by a good friend?

Running a spam filter remains essential to keep most of these threats at bay. But for those emails that do make it through the filter, running (web) security software and applying security software patches whenever they become available is just as important.

More (in German) at Eleven's security blog here.

Posted on 24 October 2012 by Martijn Grooten



Latest posts:

Haroon Meer and Adrian Sanabria to deliver VB2019 closing keynote

New additions to the VB2019 conference programme include a closing keynote address from Thinkst duo Haroon Meer and Adrian Sanabria and a talk on attacks against payment systems.

Free VB2019 tickets for students

Virus Bulletin is excited to announce that, thanks to generous sponsorship from Google Android, we are able to offer 20 free tickets to students who want to attend VB2019.

VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles

The Lazarus Group, generally linked to the North Korean government, is one of the most notorious threat groups seen in recent years. At VB2018 ESET researchers Peter Kálnai and Michal Poslušný presented a paper looking at the group's various…

Book your VB2019 ticket now for a chance to win a ticket for BSides London

Virus Bulletin is proud to sponsor this year's BSides London conference, which will take place next week, and we have a number of tickets to give away.

First 11 partners of VB2019 announced

We are excited to announce the first 11 companies to partner with VB2019, whose support will help ensure a great event.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.