Malware E-mails Explode in Q3

By Matthew Hines  |  Posted 2008-10-27

Malware-laden e-mail attacks surged during the third quarter of 2008, according to researchers at endpoint security vendor Sophos.

Based on the company's latest report, there was a dramatic rise in the proportion of e-mail messages sent carrying malicious programs between July and September, when compared to the total volume of e-mail.

According to the paper, one in every 416 e-mail messages between July and September contained a dangerous attachment, or something designed to infect the recipient's computer, representing an eight-fold rise compared to the previous quarter, when the figure stood at only one in every 3,000-plus e-mails.

In terms of popularity, the Agent-HNY Trojan threat, which is most commonly disguised as a "Penguin Panic" arcade game for Apple iPhones, was being distributed most heavily during the quarter.

Sophos said that other highly-used threats included the EncPk-CZ Trojan, which pretended to be a Microsoft security patch, and the Invo-Zip malware, which is labeled as a notice of a failed parcel delivery from overnight firms including UPS.

The rise of all three breeds of attack was highlighted by individual researchers over the course of the quarter, or shortly beforehand.

Windows users remain the most at-risk constituency based on the attack patterns, the experts said.

"For Apple Mac and Unix lovers, these major spam attacks just mean a clogged-up inbox, not an infected operating system. But organized criminals are causing havoc for Windows users in the hunt for cold hard cash," Graham Cluley, senior technology consultant at Sophos, said in a report summary.

"Too many people are clicking without thinking -- exposing themselves to hackers who are hell-bent on gaining access to confidential information and raiding bank accounts. The advice is simple: you should never open unsolicited attachments, however tempting they may appear," he said.

Social engineering aside, it would seem that some people just cannot be helped in that regard. Social engineering is, however, also soaring to new heights, the researchers reported.

To that end, in addition to sending out malware-spiked spam, attackers continue to use current events to trick users into clicking links and opening infected URLs.

When baited with spicy or hard-to-believe headlines, even those more security-aware users are getting duped, said Cluley.

The Mal/EncPk-DA Trojan horse saw heavy activity in that regard during Q3.

"When a spam e-mail appears to come from a trusted source, too many users are fooled and end up clicking through to a malicious Web page," Cluley said. "The naivety shown by many internet users is downright dangerous. In the past, hackers were more like teenage mischief-makers breaking into sheds to see what they could find. Today, they are hardened criminals wearing hobnail boots with no qualms about breaking into your home and stealing everything they can get their hands on."

Spammers are also finding new manners of getting at their desired targets, the company said. In particular, Sophos researchers said that they have noticed an escalation in the level of spam being sent via social networking websites such as Facebook and Twitter, and said they expect to see this continue to rise.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to
