Application security, Incident Response, Malware, TDR

Huge uptick in spam-borne malware since mid-September

The amount of spam containing malicious attachments spiked in September and has remained at an elevated level since, according to Symantec's "State of Spam" report released Wednesday.

“We are definitely seeing an increase in spam with attached viruses,” Dylan Morss, senior manager of anti-spam engineering for Symantec, told SCMagazineUS.com on Wednesday.

Generally, the amount of spam containing malicious attachments hovers around 0.5 percent of all spam, with occasional brief spikes every two to three months, Morss said. Since mid-September, however, malicious attachments have been present in approximately 1.3 percent of all spam on average.

The amount of spam containing malware increased ninefold during September over the previous month, Symantec said in its report

And at one point in September, malware was present in 4.5 percent of all spam, the Symantec report said.

“The consequences of this rise are quite significant when you consider that 86.39 percent of all email messages in September 2009 were spam,” Symantec's report states.

In a reflection of the report, the FBI this week issued three different warnings about fraudulent email campaigns currently making the rounds, all of which contain malicious attachments. Some of the emails seem to be coming from the FBI and contain attachments for what those behind the messages claim are reports related to weapons of mass destruction or Al-Qaeda financing.

Other fraudulent emails making the rounds are spoofed to look like they were sent by U.S. Department of Justice and contain attachments of a supposed audio file with speech from Osama Bin Laden directed at the people of Europe, the FBI said.

The FBI does not send unsolicited emails and if users encounter these messages, they should not click on the attachments as they likely are viruses or other malicious software, the FBI said.

Meanwhile, Joel Esler, a SANS Internet Storm Center handler, said Wednesday that he has, along with several SANS readers, noticed an increase in overall spam recently.

“I can personally confirm that, yes, I have seen more spam in my inbox lately,” Esler wrote in a SANS blog post.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.