Incident Response, Malware, TDR

Threat of the month


What is it?
There are many types of blended attacks, but here we refer to spam outbreaks containing links to malicious websites. The websites look like legitimate sites, but actually contain malware and are often hosted by zombies.

How does it work?
The email messages typically contain a promise of attractive content, persuading recipients to click on the link. On arrival at the site, malware either loads automatically onto users' PCs in a “drive by” attack, or the site uses social engineering to encourage users to click on malware-laden links. The links change, with up to hundreds of different zombie IP addresses hosting versions of each attack.

Should I be worried?
Because the spam itself does not carry a malicious payload, often anti-virus solutions do not block it. Also, because the malware may occur in infinite variants on the different web sites, it often passes into users' computers undetected by desktop AV solutions.

How can I prevent it?
Since these messages are sent by zombies, your messaging security solution needs to instantly analyze outbreaks and block suspicious IPs before they enter your network. You need a reputation solution differentiating between good and bad senders, blocking “bad” messages, regardless of content.

— Rebecca Steinberg Herson, Commtouch Software

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.