CSO - Trust, but verify. That was the motto of President Ronald Reagan. It also ought to be the motto of everyone who uses email.
Security vendors Sophos and Kaspersky Lab have both warned in recent days of scam emails that use the names of well-established companies to try to lure victims to malware sites. The scheme is obvious, or ought to be -- the scammers figure that if they use a trusted name, victims will trust the link.
The scams have been present virtually since email began, but security experts say they are increasing at an accelerating pace.
Graham Cluley, senior technology consultant at Sophos, reported early last week on a "widespread malware campaign that has been spammed out, disguised as a communication from DHL Express." He said it claims to be a tracking notification.
A few days later, Cluley reported on emails claiming to be from companies like British Airways, LinkedIn, YouTube, Google and Amazon. "The truth is that the headers are forged, and the emails have been specially crafted to look like legitimate communications from online firms," he wrote.
"Clicking on the links could send your computer to Canadian pharmacy-like spam sites offering to sell you Viagra, or even webpages hosting malicious payloads," he wrote.
On Kaspersky Lab's Threatpost blog, Brian Donohue wrote: "Criminal hackers launched an attack campaign earlier this week in which they sent a slew of emails purporting to come from the financial software developer Intuit. The emails contained links that led to sites hosting the Blackhole exploit kit in an apparent attempt to infect the machines of corporate users."
There are multiple other examples, purporting to come from American Express, Microsoft and others.
There are mixed opinions about whether this means that malware attacks are now more focused on email than web searches. Chester Wisniewski, a senior security adviser with Sophos, said web infections still impact more users than any other method.
"There has been an increase in malicious email, but it hasn't approached the amount of infections sourced from the web," he said. "It really is just a change in how email infections work. They used to be attached EXEs and SCRs that were simple Trojans. Most organizations are smart enough to block executables from entering through their email gateways, so criminals have moved on to HTML, PDF and RTF files."
But Bogdan Botezatu, senior e-threat analyst at Bitdefender, said web search malware "has now lost ground in terms of email spam bundled with malicious attachments or malicious links."
Botezatu said a Bitdefender study earlier this year found that of 264.6 billion spam messages sent daily, 1.14% carry attachments. "That means that, every day, about 300 million spam messages carry a malicious payload. We expect this trend to increase by 2% to 6% from one year to another," he said.
Cluley said it is difficult to compare the two types of attacks strictly in numerical terms. "Many attacks these days will incorporate aspects of both. An email may contain a link to a malicious website, or an email with a dangerous attachment may then download further code from the web," he said.