The daily deluge of malicious spam or Malspam and how to stop it
Earlier this week Morphisec Cyber Lab identified a widespread Malspam campaign. The Malspam attack was targeted against individuals, not a specific enterprise. The attack included an attachment with a logical, realistic and changing document name that lured individuals to click…
Malware Spam or Malspam is the term used to designate malware that is delivered via email messages. Although the first instance of a piece of malware being delivered by spam is unknown, the 1999 Melissa mass-mailing virus is recognized to be the first malware widely distributed by email. Melissa would scan email contact lists and proceed to send a copy of itself to the first 50 contacts within the list. While Melissa did not destroy files or other resources, the virus had the potential to disable corporate and other mail servers by consuming resources while seeking out additional contacts and mailing copies of the virus to others. Email quickly proved to be a viable method to deliver malicious attachments to unsuspecting users. The ILOVEYOU mass-mailing worm that came out in 2000 infected tens of millions of computers worldwide and caused billions of dollars in damage.
Research from the firm Radicati indicates that roughly 205 billion emails are sent each day. And according to ITU, roughly 80% of all email messages are spam. While it’s hard to identify an exact number of emails delivering Malspam, it’s clear that malware authors continue to see success because they have not stopped!
Spam is still a preferred attack for cyber criminals and malware spam campaigns continue to increase. According to the Symantec Internet Threat Report, 1 in 220 emails in 2015 contained malware. In a Malspam attack, attackers use botnets to send emails that include malicious links or attached files with user-activated macros that download and execute malware. Attachments can be disguised as fake invoices, office documents, or other files. Malicious links may direct the user to a compromised website that puts something malicious onto their computer. Malspam attacks are simple and inexpensive to carry out.
The most common advice we get is avoidance: never download or view attachments from unknown senders. Always treat attachments from known senders as possibly suspicious unless the information has been directly attached. Never execute executable files. And even if the document advises otherwise, don’t enable macros within Office products. If there is a doubt, contact the sender prior to opening the attachment to inquire further. Scan attachments with a reputable anti-malware product such as Malwarebytes Anti-Malware, or scan the file with a security product. Most of this advice is not really practical for busy hardworking individuals…
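Two items of this advice, no executables and no macro-enabled Office files, can be checked mechanically before a message reaches the inbox instead of being left to the recipient. The following is an added example, not Morphisec's code or part of the original article; the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".com", ".bat", ".js", ".vbs")  # illustrative, an assumption
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container

def classify(name, data):
    """Return the reasons an attachment should be held for review."""
    reasons = []
    if name.lower().endswith(EXEC_EXTS):
        reasons.append("executable extension")
    if data[:2] == b"MZ":  # Windows PE header, whatever the file is called
        reasons.append("PE header")
    if data.startswith(OLE_MAGIC):
        reasons.append("legacy Office file, may carry macros")
    if data[:4] == b"PK\x03\x04":  # OOXML documents are zip archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                names = [n.lower() for n in archive.namelist()]
            if any(n.endswith("vbaproject.bin") for n in names):
                reasons.append("Office document with VBA macros")
        except zipfile.BadZipFile:
            reasons.append("malformed zip container")
    return reasons

def triage(raw_message):
    """Classify every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    return [(p.get_filename() or "(unnamed)",
             classify(p.get_filename() or "", p.get_payload(decode=True) or b""))
            for p in msg.iter_attachments()]

def build_sample():
    """Constructed message: macro document, plain text, disguised executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("word/vbaProject.bin", b"constructed placeholder")
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    for name, data in (("Invoice_0412.docm", buf.getvalue()), ("notes.txt", b"plain text"),
                       ("scan.pdf.exe", b"MZ constructed, not a real binary")):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in triage(build_sample()):
        print(name, "->", reasons or "no findings")
```

An empty result only means the attachment is not one of these two classes; it says nothing about malicious links or other file types.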
This reported Malspam was stopped by a Morphisec solution right at the moment of execution, before it could do any damage. Many times before, it passed unnoticed, eventually requiring manual intervention to remediate. This new solution is the direction needed for endpoint threat defense.