One in ten spam messages contains drive-by download link

Posted by   Virus Bulletin on   Oct 24, 2012

80-fold increase in one month.

I do not think I am unique in that I can recognize (most) phishing pages from a mile away and that I know that, if I ever wanted to buy performance-enhancing drugs of any kind, I should not buy them through a link found in a spam message. However, that doesn't mean I can safely click on URLs in emails to see whether they link to something legitimate.

As someone who keeps a close eye on spam trends, I had noticed a recent increase in spam messages linking to drive-by download sites: websites that attempt to infect your machine, generally by exploiting a vulnerability in an outdated browser plug-in. Still, I was a little shocked when anti-spam firm Eleven reported that, in September, almost one in ten spam messages contained a malicious URL - an 80-fold increase since August.

Various reports have suggested that there isn't a lot of money to be made in commercial spam these days. The numbers reported by Eleven indicate that spammers are adapting quickly and, probably by using affiliate pay-per-install schemes, are finding other ways of making money through their vast delivery networks.

Most of the emails claim to come from well-known brands such as Amazon or LinkedIn - companies from which many users commonly receive emails. And an even more worrying trend is that of malicious spam sent from compromised accounts to the contacts in the victim's address book: who would think twice before clicking a link sent to them by a good friend?

Running a spam filter remains essential to keep most of these threats at bay. But for those emails that do make it through the filter, running (web) security software and applying security software patches whenever they become available is just as important.

More (in German) at Eleven's security blog here.

Posted on 24 October 2012 by Martijn Grooten



Latest posts:

VB2019 conference programme announced

VB is excited to reveal the details of an interesting and diverse programme for VB2019, the 29th Virus Bulletin International Conference, which takes place 2-4 October in London, UK.

VB2018 paper: Under the hood - the automotive challenge

Car hacking has become a hot subject in recent years, and at VB2018 in Montreal, Argus Cyber Security's Inbar Raz presented a paper that provides an introduction to the subject, looking at the complex problem, examples of car hacks, and the…

VB2018 paper and video: Android app deobfuscation using static-dynamic cooperation

Static analysis and dynamic analysis each have their shortcomings as methods for analysing potentially malicious files. Today, we publish a VB2018 paper by Check Point researchers Yoni Moses and Yaniv Mordekhay, in which they describe a method that…

VB2019 call for papers closes this weekend

The call for papers for VB2019 closes on 17 March, and while we've already received many great submissions, we still want more!

Registration open for VB2019 ─ book your ticket now!

Registration for VB2019, the 29th Virus Bulletin International Conference, is now open, with an early bird rate available until 1 July.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.