Malicious file attachments deluged email inboxes between July and September as spammers turned to common social engineering techniques to dupe computer users into downloading dangerous Trojans.
One in every 416 email messages between July and September contained a dangerous attachment, according to a new report from UK-based antivirus vendor Sophos Inc. That is an eightfold increase over the previous quarter, when the figure stood at only one in every 3,333 emails, Sophos said.
While it's impossible for antispam vendors to measure how successful the attacks are, it's clear the same spam campaigns are continuing and more computers are being plucked to strengthen certain botnets that spread unwanted messages.
"This is far removed from spear phishing, it is more like whale trawling," said Graham Cluley, senior technology consultant at Sophos. "Since they're going through the effort of constantly changing code and doing it again and again, says to me it must be working."
The increase is associated with several large-scale attacks. Sophos said the Agent-HNY Trojan horse was the most successful attack, accounting for nearly 27% of all email attachment malware over the last three months. It was spammed out disguised as the Penguin Panic arcade game for Apple iPhones. The spam message targets Windows users, trying to lure them into opening the attached file, which purports to be the game. The Agent-HNY Trojan and other members of its family together accounted for 40% of all email attachment malware over the last three months.
"It's a spam gang using multiple disguises by slightly changing their disguise each time," Cluley said.
The EncPk-CZ Trojan, which pretended to be a Microsoft security patch, has also been widespread. It accounted for 12% of all the reports over the last three months. Microsoft warned earlier this month of spam circulating that looks like legitimate messages Microsoft sends to its customers. The message tried to take advantage of Microsoft's monthly release of security updates.
Instead of an update, a Trojan is attached to the email, and if installed it could allow an attacker to access information on a victim's computer. The fake email claims the executable file is Microsoft's latest security update and is signed by Steve Lipner, director of security assurance at Microsoft.
In late August, the Invo-Zip malware began circulating attached to a mass-mailed FedEx spam campaign. The message is quite convincing: it says a package could not be delivered and tries to trick the user into clicking an attached invoice containing the malware, Cluley said.
The sheer volume of new malicious code spreading via email has caused problems for most antivirus software. Sophos itself receives 20,000 unique pieces of new malware in its labs every day, Cluley said. While more than 90% is being blocked proactively, some is slipping through and duping unsuspecting end users.
"Our advice is to not only protect your computer to stop it from being infected, but properly protect it to prevent yourself from being a contributor to the problem," Cluley said.