Security Response

Month of the Virus

Created: 04 Sep 2008 14:38:23 GMT • Updated: 23 Jan 2014 18:40:05 GMT
Kelly Conley

In August, the "Internet" category of spam showed an increase of nine percent from July and now makes up 27% of all spam messages. This increase is detailed in the Symantec State of Spam Report for September, which will be released today. The escalation of Internet spam can be attributed to the prevalence of malicious code being sent around via spam emails over the past month. It seems that spammers will stop at nothing to deliver their payload: various techniques in spam containing viruses were observed over "the month of the virus." These include the following methods:

  • Sensationalized "fake" news headlines
  • Use of seemingly real news headlines
  • Purported download for the latest version of Internet Explorer
  • Malware + spam + phishing = The triple security threat for financial institutions
  • Airline e-ticket connects malicious code and spam

Sensational (and in many cases ridiculous) fake news headlines were all the rage in August. With subject lines declaring everything from possible presidential running mates ("McCain Chooses Paris Hilton to be Running Mate") to "Beijing Olympics Cancelled," these emails contained a link to malicious code and were not (and I hate to be the one to break the bad news) legitimate news stories. This malware is designed to infect other computers with viruses and Trojans. Among the subject lines that were based upon real events and made to appear like legitimate news articles were the ones abusing the Russia-Georgia conflict, which we previously blogged about.

One high-profile attack observed in August invited users to download a free version of Microsoft Internet Explorer 7. The message contained a dotted quad URL with an .exe download that was detected as Trojan.bluesod. Dotted quad spam occurs when the dotted quad (numeric IP) address of the spam URL link is used in the spam message body rather than the domain name of the spam URL. This is a prevalent technique in spam and now in viruses, too.
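A mail filter can flag this pattern by checking whether a link's host is a numeric IPv4 address and whether its path ends in an executable extension. The sketch below is an added example, not Symantec's detection logic; the function name, the extension list and the sample message (which uses documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Loose URL matcher for plain-text or HTML message bodies.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Assumption: extensions treated as directly executable on Windows.
RISKY_EXT = (".exe", ".scr", ".pif", ".com")


def find_dotted_quad_links(body):
    """Return one finding per URL whose host is a dotted quad IPv4 address."""
    findings = []
    for match in URL_RE.finditer(body):
        # Drop punctuation that belongs to the sentence, not the URL.
        url = match.group(0).rstrip(".,;:!?)")
        try:
            parts = urlsplit(url)
            host = parts.hostname or ""
            ipaddress.IPv4Address(host)  # raises ValueError for domain names
        except ValueError:
            continue
        findings.append({
            "url": url,
            "host": host,
            # An executable served from a bare IP is the higher-risk case.
            "executable": parts.path.lower().endswith(RISKY_EXT),
        })
    return findings


# Constructed sample message; 192.0.2.0/24 and 198.51.100.0/24 are
# reserved documentation ranges, not real hosts.
SAMPLE = """\
Subject: Internet Explorer 7 - free download
Get the new browser here: http://192.0.2.45/update/ie7setup.exe
Release notes: http://www.example.com/ie7/notes.html
Mirror list at http://198.51.100.7/mirrors.
"""

if __name__ == "__main__":
    for finding in find_dotted_quad_links(SAMPLE):
        level = "HIGH" if finding["executable"] else "review"
        print(f"{level:6} {finding['url']}")
```
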

A triple threat to security was observed in a single spam attack in August. A phishing message against a financial institution claimed to introduce new security measures to protect customers against fraud and identity theft. This spam message claimed that the features were mandatory and being introduced immediately via a downloadable (hello, virus!) attachment. Typically when phishing, spammers will ask recipients to update account details using a bogus URL link, so this move to a downloadable attachment is a new one. Will it be a lasting technique?

You can read all about the above issues in addition to other malicious code and spam duos observed recently in the September State of Spam Report.

Message Edited by SR Blog Moderator on 09-04-2008 07:45 AM