Spam Becomes Less But More Malicious

BitDefender UK : 18 May, 2012  (Technical Article)
A study from BitDefender has shown that falling levels of spam hide a trend towards messages that are more malicious in nature.
Bitdefender has announced that while the volume of spam messages is falling, the number of messages containing malicious attachments has increased, meaning that spam is growing more dangerous even as it becomes less prevalent.

The number of malicious attachments in January of this year rose four per cent from the same period of last year, even as the overall number of spam messages sent dropped by more than 16 per cent in the first quarter of 2012 from the last quarter of 2011, Bitdefender research shows. Of the 264.6 billion spam messages sent daily, 1.14 per cent carry attachments - about 300 million of which are malicious.

After increasing in January, the growth of malicious attachments levelled off amid an apparent pause in spam campaigns, even though spam continued to fall overall. Attachments may come in the form of phishing forms that trick users into typing in credit card credentials for scammers to use whenever they want, or they may pack malware such as Trojans, worms and viruses that can eventually cause trouble to innocent users.

As this type of attachment has become a growing concern around the web, Bitdefender wanted to see exactly which pieces of malware end up in users' inboxes. Here are the top five most interesting and frequent malware samples attached to spam e-mails:

First discovered in 2008, MyDoom, a mass-mailing worm, continues to be among the most persistent pieces of malware to pierce users' inboxes. After the skilfully socially engineered emails convince the user to open the attachment, the worm sends itself to all email addresses found on that system, using a variety of senders, subject tags and body text samples.

MyDoom also drops a backdoor component on the host system to grant a remote attacker full access to the user's computer. It also updates a list of infected IP addresses on a remote server. This way, every compromised system is listed in a common database of infected computers accessible to the worm. MyDoom is known to be used in denial-of-service attacks against the sites of antivirus and software-producing companies.

The second most widely spread malicious attachment is a generic JavaScript downloader that comes in the form of obfuscated JS inside an HTML attachment. When the user opens the attached HTML file, the obfuscated JavaScript executes and injects an iframe into the same HTML page it resides in. This iframe loads malicious content from third-party servers, which results in system compromise.
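As an added illustration (not part of the Bitdefender study), the following Python sketch shows how a mail gateway could flag HTML attachments whose scripts combine runtime decoding, DOM writing and long encoded strings, the pattern described above. The heuristic names, the threshold and the constructed sample message are assumptions made for this example.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
# Heuristics chosen for this example; not Bitdefender detection signatures.
CHECKS = {
    "runtime-decoder": re.compile(r"\b(?:eval|unescape|atob|String\.fromCharCode)\s*\(", re.I),
    "dom-write": re.compile(r"document\.write(?:ln)?\s*\(|\.innerHTML\s*=", re.I),
    "encoded-blob": re.compile(r"(?:%[0-9a-f]{2}){8,}|(?:\\x[0-9a-f]{2}){8,}", re.I),
    "iframe-created": re.compile(r"createElement\s*\(\s*['\"]iframe", re.I),
}

def script_findings(html):
    """Return the sorted names of heuristics hit inside <script> bodies."""
    hits = set()
    for body in SCRIPT.findall(html):
        hits.update(name for name, rx in CHECKS.items() if rx.search(body))
    return sorted(hits)

def scan_message(raw, threshold=2):
    """Map filename -> findings for HTML attachments at or over the threshold."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.walk():
        name = part.get_filename() or ""
        is_html = (part.get_content_type() == "text/html"
                   or name.lower().endswith((".htm", ".html")))
        if part.get_content_disposition() != "attachment" or not is_html:
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        findings = script_findings(text)
        if len(findings) >= threshold:
            flagged[name] = findings
    return flagged

def build_sample():
    """Constructed test message: one inert obfuscated attachment, one plain one."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    encoded = "".join("%%%02X" % b for b in b'<iframe src="http://example.invalid/"></iframe>')
    msg.add_attachment("<html><script>document.write(unescape('%s'))</script></html>" % encoded,
                       subtype="html", filename="invoice.html")
    msg.add_attachment("<html><body><p>Quarterly report</p></body></html>",
                       subtype="html", filename="report.html")
    return msg.as_bytes()
```

Requiring at least two independent indicators keeps ordinary HTML attachments that use a single `document.write` or `innerHTML` assignment from being flagged.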

Ranking third is Netsky, a mass mailer like MyDoom that, apart from sending itself to all email addresses found on the compromised system, also spreads via FTP, P2P or shared files. The crafty subject tags range from accusations and error messages to love declarations or money transactions, and include celebrity names to make them more appealing to the victim. If the user opens the attachment, the worm displays a message (made to look as though it comes from the locally installed AV solution) saying that no virus was found on the system.

Another peculiarity is that Netsky never sends itself to email addresses containing words related to the security and antivirus industry (@antivirus, @FBI, @freeav, Bitdefender etc.).

In fourth place is Mytob, a worm known to prevent users from connecting to the sites of a multitude of security solution vendors while opening a backdoor that gives access to ill-intentioned remote intruders. This way the system is open to any sort of malicious exploitation.

The Bagle worm comes in fifth, as a mass mailer that gathers addresses and sends itself to all email addresses it stumbles upon on the compromised system. It also downloads further addresses from an embedded list of online locations. To pass undetected, it terminates processes mostly related to locally installed anti-virus solutions. It then downloads and executes files from numerous dubious websites.
   © 2012 ProSecurityZone.com