Virus and
malware activity increased in May, sporadically hitting peaks of more than 10
million pieces per day, AppRiver researchers said in their monthly threat-landscape
report.
Scammers took
advantage of major news events to push out new pieces of malware while
cyber-attackers continued to target large companies in May, according to
AppRiver’s latest Threat and Spamscape report released June 15.
Shortly after
the death of Osama bin Laden, a number of malicious
Websites purporting to contain images and video from the Navy SEAL operation
appeared. They were actually downloading malware in the background. Malware
related to bin Laden’s death flooded users’ email inboxes and Facebook,
according to AppRiver.
There were
still remnants of Royal Wedding-related malware toward the beginning of the
month.
The number of
emails carrying viruses more than doubled for the fifth straight month,
according to AppRiver researchers. In May, more than 102 million email-borne
virus messages were quarantined, an increase of 239 percent over April.
“May 1 was the
largest volume of these messages that we have seen in a single day in nearly
two years,” researchers wrote.
A new malware
kit, Weyland-Yutani, appeared for sale in underground forums in May, AppRiver
found. At approximately $1,065, the kit was notable for its ability to
create scripts designed to infect both PCs and Macs. Weyland-Yutani was the
first kit that made it easy to create Mac malware, and the authors promised the
ability to create scripts for the iPad and Linux in later versions.
“Imagine when
a user can browse past an infected site and become a victim regardless of their
operating system,” AppRiver researchers wrote, suggesting that users and systems
administrators keep up with software updates. As with the recommendation often
made for securing the enterprise network, the endpoint should also have multiple
layers of security, including antivirus software and a personal firewall, and
the user account should be kept separate from the administrator account.
“Apple gets
their fair share” of malware, the researchers noted. May was the month fake
antiviruses such as MacDefender, MacProtector and MacShield infected a large
number of Mac users.
Spam traffic
remained level this month, except for a spike that corresponded with bin
Laden’s killing. Spam levels declined very slightly in April after the
Coreflood botnet was shut down and stayed about the same for most of May. The
amount of image spam declined about 40 percent.
Spam output
from Asia increased slightly, and for the second consecutive month more spam
originated from Russia than any other country. India, Brazil, the United States
and South Korea rounded out the top five.
Beginning May
3, many users received an email in which the sender claimed to be from the
Federal Bureau of Investigation. The messages claimed the FBI had been
monitoring users’ browsing habits and accused them of visiting “40 illegal
Websites.” Users were instructed to fill out an “attached questionnaire,” which
was actually a Bredolab downloader that would have created a “permanent
backdoor” to the victims’ PCs, to be used to install other types of
malware at a future date.
Even after
security researchers got their hands on the source code when it was leaked, the Zeus Trojan “is still around and going
strong,” AppRiver said. A Zeus campaign posing as a Microsoft Security Update
appeared on the day Microsoft pushed out its Patch Tuesday updates.
Major
corporate Websites were constantly hit during the month as cyber-attackers
continued hammering away at Sony’s Websites as well as other companies such as
Michael’s of Chicago, Eidos Games and Fox News. There was “strange network
activity” detected on LastPass servers, causing the site to force all users to
change their master passwords.