Web still king, but email stages scam comeback

Experts call for better filters, but urge users to 'be suspicious'

By Taylor Armerding, CSO
October 23, 2012 09:20 AM ET

CSO - Trust, but verify. That was the motto of President Ronald Reagan. It also ought to be the motto of everyone who uses email.

Security vendors Sophos and Kaspersky Lab have both warned in recent days of scam emails that use the names of well-established companies to try to lure victims to malware sites. The scheme is obvious, or ought to be -- the scammers figure that if they use a trusted name, victims will trust the link.

The scams have been present virtually since email began, but security experts say they are increasing at an accelerating pace.

Graham Cluley, senior technology consultant at Sophos, reported early last week on a "widespread malware campaign that has been spammed out, disguised as a communication from DHL Express." He said it claims to be a tracking notification.

A few days later, Cluley reported on emails claiming to be from companies like British Airways, LinkedIn, YouTube, Google and Amazon. "The truth is that the headers are forged, and the emails have been specially crafted to look like legitimate communications from online firms," he wrote.

"Clicking on the links could send your computer to Canadian pharmacy-like spam sites offering to sell you Viagra, or even webpages hosting malicious payloads," he wrote.

On Kaspersky Lab's Threatpost blog, Brian Donohue wrote: "Criminal hackers launched an attack campaign earlier this week in which they sent a slew of emails purporting to come from the financial software developer Intuit. The emails contained links that led to sites hosting the Blackhole exploit kit in an apparent attempt to infect the machines of corporate users."

There are multiple other examples, purporting to come from American Express, Microsoft and others.

There are mixed opinions about whether this means that malware attacks are now more focused on email than web searches. Chester Wisniewski, a senior security adviser with Sophos, said web infections still impact more users than any other method.

"There has been an increase in malicious email, but it hasn't approached the amount of infections sourced from the web," he said. "It really is just a change in how email infections work. They used to be attached EXEs and SCRs that were simple Trojans. Most organizations are smart enough to block executables from entering through their email gateways, so criminals have moved on to HTML, PDF and RTF files."

But Bogdan Botezatu, senior e-threat analyst at Bitdefender, said web search malware "has now lost ground in terms of email spam bundled with malicious attachments or malicious links."

Botezatu said a Bitdefender study earlier this year found that of 264.6 billion spam messages sent daily, 1.14% carry attachments. "That means that, every day, about 300 million spam messages carry a malicious payload. We expect this trend to increase by 2% to 6% from one year to another," he said.

Cluley said it is difficult to compare the two types of attacks strictly in numerical terms. "Many attacks these days will incorporate aspects of both. An email may contain a link to a malicious website, or an email with a dangerous attachment may then download further code from the web," he said.
