If you haven’t done so already, perhaps it’s time to remind your users about the hazards of clicking on e-mail attachments from unknown senders.
Security researchers have detected a significant surge in the number of spam attacks in July containing variants of the Storm worm, a Trojan that turns infected PCs into an army of hacker-controlled botnets. This type of worm was first detected last January.
E-mail and Web security services firm MX Logic has reported a 1,700 per cent spike in the number of worm-related e-mail attacks containing payload files that are new variants of the Storm worm.
The most common of these types of e-mails are those that purport to contain a greeting card attachment, according to Sam Masiello, director of threat research at MX Logic in Englewood, Colo.
The attached fake greeting card contains a link that triggers the download of a piece of malware that then scours the system for specific vulnerabilities. The vulnerability is then exploited by the attacker to gain control of the system, Masiello explained.
“If you can make your message look legitimate and if you can convince the user that what they are about to open is something that they want to open or an attachment that they would like to click on, then your campaign is likely to be successful,” he explained.
Botnets are proving to be financially rewarding for hackers for the various purposes they can serve, from worm propagation and mass spam distribution to launching targeted denial-of-service attacks, Masiello said, adding he expects these types of attacks to continue.
“With the size of the botnet army that they have at their disposal to launch new variants coupled with the success of the social engineering tactics that they have been using, I don’t expect to see Storm falling off the map anytime soon,” Masiello said.
Seen elsewhere
Symantec Corp’s recent Spam Monthly Report has shown a similar trend of rising e-card spam in the month of July.
“The link (to the attachment) in these cases was an exposed IP address, which is a clear indicator that it isn’t a greeting card from an established and reputable e-card service,” the Symantec report said.
Just last month, however, security vendor Fortinet cited on its State of Malware Report a general decline in the number of mass-mailing worms since the start of the year. On the average, the report said, e-mail worms decreased by five per cent each month.
The decreasing trend was attributed to attackers shifting to more targeted attacks, rather than indiscriminate mass mailing, according to Bryan Lu, project manager for the Fortinet Global Security Research Team.
Lu also attributed the reported drop in e-mail worms to increased end-user awareness about social engineering tactics involved with this type of attack, knowing better now than to click on attachments from unknown senders.
But the rising number of bot-infected computers is an indication that social engineering tactics are still an effective attack mechanism, according to Masiello.
icon.
