Malicious spam spikes in enterprise

Cyber criminals are increasingly turning to spam as a means of infecting computers, according to a new report from IT security and control firm Sophos.

The Boston-based firm found an eight-fold increase in the number of spam emails containing dangerous attachments that were sent to business organizations between July and September 2008. The Q3 Dirty Dozen spam report not only documents an alarming rise in the proportion of spam emails, but an increase in spam attacks using social engineering techniques to snare unsuspecting computer users, according to Sophos senior technology consultant Graham Cluley.

Email authenticity key to battling spam

Cell phones are new spam targets

The survey found that one in every 416 emails contained a dangerous attachment designed to infect the recipient’s computer. That number is up from only one in every 3,333 the previous quarter, said Cluley.

Much of the increase is due to several large-scale malware attacks made by spammers during the period, he said.

The worst single attack was the Agent-HNY Trojan horse, which was sent disguised as the Penguin Panic arcade game for Apple iPhones.

Other major incidents included the EncPk-CZ Trojan, which pretended to be a Microsoft security patch, and the Invo-Zip malware, which masqueraded as a notice of a failed parcel delivery from firms such as UPS.

“While many people may know better than to click on an attachment that says ‘sexy pictures’, these new tactics are more alluring,” said Cluley “Too many people are clicking without thinking — exposing themselves to hackers who are hell-bent on gaining access to confidential information and raiding bank accounts.”

Spammers continue to embed malicious links and spam out creative and timely attacks designed to prey on users’ curiosity, said Cluley. In August, a wave of spam messages claimed to be breaking news alerts from MSNBC and CNN. Each email encouraged users to click on a link to read the news story, but instead took unsuspecting users to a malicious webpage which infected Windows PCs with the Mal/EncPk-DA Trojan horse.

“When a spam email appears to come from a trusted source, too many users are fooled and end up clicking through to a malicious webpage,” said Cluley.

Education continues to be key to preventing infection, said Cluley, who encouraged business organizations to give users initial and also refresher instruction on avoiding suspicious emails.

“The advice is simple: you should never open unsolicited attachments, however tempting they may appear,” he said.

The United States remained in the number one spot for relaying spam across the globe, generating 18.9 percent of the malicious emails.

Russia has increased its contribution to the world spam problem, soaring from 4.4 percent last year, to 8.3 percent during this time period, according to the report. Turkey, China and Brazil were the other countries on the top-five spam relaying list.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now