Commtouch reports huge spike in infected email

Someone's up to something big in the cybercriminal world
Kerry Butters

September 20, 2011

Security company Commtouch has noticed a huge spike in the number of malicious emails being sent since the beginning of last month.

However, nobody seems to know the reason for this as spam levels continue to fall.

The number of emails sent since last month that had attachments infected with malware suddenly jumped from an average of around “a few hundred million to 2 billion” to a massive 25 billion in one day.

There could be many reasons for this, but the most likely is that it is some kind of targeted campaign, with the result being an enormous attack on a target that is not yet known.

Commtouch says that it is likely to be a cybercriminal or organisation that has “since the 8th of August […] been trying hard to infect millions of computers worldwide”.

The emails have come in a number of guises, one purporting to be from UPS or FedEx, telling the user to open the attachment as it concerns a package that is due or has been held up.

Another promises info on “global sites of interest” and attaches a PDF icon which is actually an executable.

Yet another tells the user that they have been overcharged in error by a hotel. This one uses a special text control character which reverses the display direction of the last 6 letters of the filename: instead of showing “cod.exe”, the user sees “exe.doc”, so an executable appears to be a document.
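As an added illustration (not from the article or from Commtouch), the following Python check is the kind of thing a mail gateway can run over attachment names to recover what the recipient would see versus what the operating system would actually open; the bidi control-character set, the executable-extension list and the sample filenames are assumed for this example.

```python
# Unicode bidirectional control characters that can make a filename display
# differently from how it is stored. U+202E (right-to-left override) is the
# one behind the "cod.exe" / "exe.doc" trick; the others are assumed
# additions covering the remaining explicit embeddings, overrides and isolates.
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"   # LRE RLE PDF LRO RLO
    "\u2066\u2067\u2068\u2069"         # LRI RLI FSI PDI
)
# Extensions treated as executable for this example (constructed list).
EXEC_EXTENSIONS = frozenset({"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"})


def strip_controls(name: str) -> str:
    """The stored name with all bidi controls removed: what the OS opens."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def displayed_name(name: str) -> str:
    """Approximate what a bidi-aware renderer shows: the text after a U+202E
    is drawn right-to-left (visually reversed) until a U+202C pops it.
    Only the RLO case is modelled; other controls are simply dropped."""
    idx = name.find("\u202e")
    if idx == -1:
        return strip_controls(name)
    head, tail = name[:idx], name[idx + 1:]
    end = tail.find("\u202c")
    if end == -1:
        end = len(tail)
    return strip_controls(head) + tail[:end][::-1] + strip_controls(tail[end + 1:])


def extension(name: str) -> str:
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""


def assess_attachment(name: str) -> dict:
    """Compare the extension the user sees with the one that would execute."""
    shown, actual = displayed_name(name), strip_controls(name)
    shown_ext, actual_ext = extension(shown), extension(actual)
    controls = [f"U+{ord(c):04X}" for c in name if c in BIDI_CONTROLS]
    return {
        "shown": shown,
        "actual": actual,
        "shown_ext": shown_ext,
        "actual_ext": actual_ext,
        "bidi_controls": controls,
        "spoofed_extension": shown_ext != actual_ext,
        # Any bidi control in a filename is a red flag on its own, as is a
        # genuinely executable extension regardless of how it is displayed.
        "suspicious": bool(controls) or actual_ext in EXEC_EXTENSIONS,
    }
```

The `spoofed_extension` flag isolates the hotel-overcharge trick specifically, while `suspicious` also catches plain double-extension lures such as `report.doc.scr`.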

Commtouch reports that many of the mails have been successful in their efforts and that “infection rate is generally linear – the more malware is emailed, the greater the final number of infections”.

This is because, once the malware has arrived on the client machine, further files are downloaded which, Commtouch says, have an as yet unknown purpose.

Commtouch commented: “Although these emails are unwanted and unsolicited, we don’t define them as ‘spam’ due to the attached malware. This is an important distinction since it allows us to differentiate between malware distribution, and spam distribution which is generally focused on product ‘marketing’.”

It is thought that this outbreak is not intended to create and send spam, but has a more sinister payload. The company also says that the explosion in malware email has had no significant impact on the amount of spam being sent.

Possible payloads include DDoS attacks, bank fraud, theft of email accounts, and “preparation for a large-scale internet-wide attack” or “some other evil activity”.

Commtouch also points out that “effort has gone into creating the different email themes [and] templates” and that the size of the attacks, when compared to previous months, has increased by “hundreds of percent”.

Certainly food for thought for many security professionals, and a situation that should have large corporations scrutinising their security systems closely.
