Application security, Incident Response, TDR

Malicious spam sees eight-fold jump in six months

The incidence of malicious spam attachments has increased eight-fold during the past six months, according to the third-quarter spam report released today by IT security and control firm, Sophos.

During July to September, one in every 416 email messages contained a malicious attachment, compared to one in every 3,333 emails in the previous quarter, the report states.

Data for the report is generated through global spam traps — email addresses not used for legitimate purposes that have been set up or bought from now-defunct companies, Graham Cluley, senior security analyst at Sophos, told Monday.

A few large-scale attacks accounted for the increase.

The most prolific attack in the past three months has been a trojan masquerading as anApple iPhone arcade game called “Penguin Panic”. This exploit accounted for 26.8 percent of all the email malware, Sophos found. A trojan disguised as a Microsoft security patch was the second most common attack and accounted for 12 percent of all malware found in the third quarter.

Cluley said attackers are using this method of cybercrime because it works and they are making money off it.

“It's very cheap to do these sorts of crimes,” Cluley said. “Attackers are using other people's computers [as part of botnets] to send out the messages and they are reaping the rewards.”

Other report findings indicate that the United Sates tops the list of the “dirty dozen” or top twelve countries that are responsible for relaying spam across the globe. Compromised computers in the United States sent out 18.9 percent of all spam, followed by Russia (8.3%), Turkey (8.2%), China (5.4%), Brazil (4.5%), South Korea (3.8%), India (3.5%), Argentina (2.9%), Italy (2.8%) and the United Kingdom (2.7%), Columbia (2.5%) and Thailand (2.4%).

Even though the United States consistently tops the “dirty dozen” list, its lead has narrowed compared to previous quarters, when the nation's compromised computers sent out approximately half of all spam, Cluley said. Entering the “dirty dozen” this month are India, Columbia and Thailand.

The report also states that social engineering exploits are on the rise and spammers have increasingly used social networking websites to spread malware — a trend Sophos researchers expect to continue to rise.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.