The unknown explosion of malicious email attachments
by Steve Ragan - Sep 19 2011, 09:00
Commtouch, the original equipment manufacturer (OEM) behind many security vendors' anti-Spam and anti-Malware protections, discovered a massive jump in malicious email attachments last month. Beyond the concerns that extra volume raises, the problem is that no one seems to know why the sudden spike happened.
Since August, someone unknown - perhaps a group - has been targeting millions of systems worldwide with email containing malicious attachments. However, this isn’t the typical type of Spam; this is direct malware distribution on a mass scale, resulting in abnormally high levels of malicious messages.
The pattern has been seen before: Fake messages with malicious attachments alleged to contain details on UPS and FedEx deliveries, credit card charge errors, and so on. Since the fall of the Rustock botnet, Spam levels across the globe have fallen, but, despite that, the volume of malicious email attachments has skyrocketed.
In August, Commtouch’s monitoring points noticed an average of a few hundred million to two billion malicious messages per day. On August 8, that number exploded to 25 billion Malware-laced emails.
“A review of several end-user forums reveals that the email campaigns have been successful – with many users having opened the malware attachments. The infection rate is generally linear – the more malware is emailed, the greater the final number of infections. Once opened, the malware contacts external servers and downloads several other malware files, which are then run on the infected machine. The purpose of these files is unclear,” Commtouch said.
“In the past, large malware outbreaks have resulted in the expansion of botnets which have then been used to send large volumes of spam. Malware distribution therefore aimed to increase spam distribution, but this does not seem to be the case now,” it added.
Considering the effort involved in designing the email templates and themes, as well as developing the Malware variants, where is the payoff for the person(s) behind the massive influx of malicious messages? No one knows, but Commtouch is at least willing to speculate.
It could be that the Malware aims to expand the number of bots on the Web used to push Spam or to launch DDoS attacks. Yet, at the same time, there have been no reported jumps in Spam volume, and there have been no reports of a massive DDoS attack online. Credential theft (for messenger, email, or social networking accounts) and financial fraud are other possibilities, but nothing has been reported outside the norm for those types of crime either.
That leaves the unknown, or something worse: someone may be preparing for a massive attack somewhere. At this stage, the best bet is for consumers to avoid unexpected email attachments and to keep security software, as well as third-party and operating system software, tightly patched. Commtouch has said it will continue to track movements, providing more report coverage and related information along the way.
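Tracking a surge like the one Commtouch describes starts with a baseline. The following Python is an added illustration, not Commtouch's code or data: it scans constructed mail-gateway log lines (date, sender, subject, attachment name), counts the messages per day that pair a delivery or card-charge lure with a risky attachment type, and flags any day whose count exceeds three times the average of the days before it. The log format, lure patterns, risky extensions and threshold are all assumptions chosen for the example.

```python
import re
from collections import Counter
from statistics import mean

# Constructed sample gateway log (not real Commtouch data):
# date|sender|subject|attachment, one message per line.
SAMPLE_LOG = """\
2011-08-05|billing@example.org|Invoice 4471|invoice.pdf
2011-08-05|ups-notice@example.net|UPS Delivery Notification 39182|UPS_label.zip
2011-08-06|hr@example.org|Meeting notes|notes.docx
2011-08-06|fedex-alert@example.net|FedEx tracking number 7712|FedEx_Invoice.exe
2011-08-07|news@example.org|Weekly digest|digest.pdf
2011-08-08|ups-notice@example.net|UPS Delivery Notification 88211|UPS_Document.zip
2011-08-08|cards@example.net|Credit card charge error - please review|Charge_Details.scr
2011-08-08|fedex-alert@example.net|Your FedEx package|FedEx_Label.exe
2011-08-08|ups-notice@example.net|UPS Delivery Notification 88219|UPS_Document.zip
2011-08-08|cards@example.net|Wrong transaction on your card|Statement.pif
"""

# Assumed attachment types worth flagging; extend for your environment.
RISKY_EXT = re.compile(r"\.(exe|scr|pif|com|bat|cmd|zip)$", re.I)
# Lure themes named in the article; the regexes are assumptions.
LURES = {
    "parcel delivery": re.compile(r"\b(ups|fedex|dhl)\b|delivery|tracking|package", re.I),
    "card charge error": re.compile(r"credit card|charge|transaction", re.I),
}

def classify_lure(subject):
    """Return the lure theme a subject line matches, or None."""
    for name, rx in LURES.items():
        if rx.search(subject):
            return name
    return None

def daily_suspicious_counts(log_text):
    """Per-day count of messages that combine a lure subject with a risky attachment."""
    counts, lures = {}, Counter()
    for line in filter(None, log_text.splitlines()):
        day, _sender, subject, attachment = line.split("|")
        counts.setdefault(day, 0)          # keep zero-hit days so the baseline is honest
        theme = classify_lure(subject)
        if theme and RISKY_EXT.search(attachment):
            counts[day] += 1
            lures[theme] += 1
    return counts, lures

def spike_days(counts, factor=3.0, min_baseline_days=2):
    """Flag days whose count exceeds factor x the mean of all earlier days."""
    days = sorted(counts)
    return [d for i, d in enumerate(days)
            if i >= min_baseline_days and counts[d] > factor * mean(counts[p] for p in days[:i])]
```

In the constructed sample the flagged day is 2011-08-08, mirroring the jump Commtouch reported; on real data the baseline window and factor should be tuned to your normal daily volume.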
In the meantime, what are your thoughts on the malicious email explosion? Tell us in the comments below.