Sophos sees increase in malicious email attachments

By Robert Westervelt, News Editor
27 Oct 2008 | SearchSecurity.com

Malicious file attachments deluged email inboxes between July and September as spammers turned to common social engineering techniques to dupe computer users into downloading dangerous Trojans.

One in every 416 email messages between July and September contained a dangerous attachment, according to a new report from UK-based antivirus vendor Sophos Inc. That is eight times the rate of the previous quarter, which stood at only one in every 3,333 emails, Sophos said.

While it's impossible for antispam vendors to measure how successful the attacks are, it's clear the same spam campaigns are continuing and more computers are being plucked to strengthen certain botnets that spread unwanted messages.

"This is far removed from spear phishing, it is more like whale trawling," said Graham Cluley, senior technology consultant at Sophos. "Since they're going through the effort of constantly changing code and doing it again and again, says to me it must be working."

The increase is associated with several large-scale attacks. Sophos said the Agent-HNY Trojan horse was the most successful attack, accounting for nearly 27% of all email attachment malware over the last three months. It was spammed out disguised as the Penguin Panic arcade game for Apple iPhones. The spam message targets Windows users, trying to lure them into opening the attached file, which purports to be the game. The Agent-HNY Trojan and other members of its family accounted for 40% of all email attachment malware over the last three months.

"It's a spam gang using multiple disguises by slightly changing their disguise each time," Cluley said.

The EncPk-CZ Trojan, which pretended to be a Microsoft security patch, has also been widespread. It accounted for 12% of all the reports over the last three months. Microsoft warned earlier this month of spam circulating that looks like legitimate messages Microsoft sends to its customers. The message tried to take advantage of Microsoft's monthly release of security updates.

Instead, a Trojan is attached to the email and, if installed, it could allow an attacker to access information on a victim's computer. The fake email claims the executable file is Microsoft's latest security update and is signed by Steve Lipner, director of security assurance at Microsoft.

In late August, the Invo-Zip malware began circulating attached to a mass-mailed FedEx spam campaign. The message is quite convincing: it says a package could not be delivered and tries to trick the user into clicking an attached invoice containing the malware, Cluley said.

The sheer volume of new malicious code spreading via email has caused problems for most antivirus software. Sophos itself receives 20,000 unique pieces of new malware in its labs every day, Cluley said. While more than 90% is being blocked proactively, some is slipping through and duping unsuspecting end users.

"Our advice is to not only protect your computer to stop it from being infected, but properly protect it to prevent yourself from being a contributor to the problem," Cluley said.


