Exponential increase in malware-bearing spam spells trouble for IT

Statistically precise malware campaign promises headaches to the Nth power for IT this month

Malware infections are likely to be rising now and over the coming weeks if a spam/malware attack that is just now waning follows the pattern of an earlier one, according to a report from Internet security tracker Commtouch.

A series of attacks in March carried malicious payloads disguised as attachments to email from DHL, Federal Express or other package carriers.

The emails surged and waned in specific patterns as the spammers tried to zero in on users who were the most effective target for that particular attack, according to Commtouch.

The surges follow a pattern similar to one often used by direct-mail marketers who are either launching a new set of promotional emails or soliciting an unproven new list of potential customers.

Rather than blasting one promotion out to a whole list, marketers save money and verify the value of the names on the list by mailing one version of the promotion to a subset of the list.

They track response rates in minute detail to match those with geographic location, demographic profiles, economic strata and other criteria.

They modify the promotional materials to appeal to the customer segments that respond most strongly, or to shore up response rates in weaker strata, and send Version 2 out to another subset of the list, usually larger than the first set to provide a clearer statistical picture.

Statistically precise marketers may go through this process half a dozen times before settling on the specific language, design and offers to send to each customer segment.

Only then do they blast the whole list, sending the most effective pitch to every customer segment.

Diabolically manipulative and unbelievably tedious at the same time, no?

An earlier wave of malware spam used as a hook a warning that the recipient was due to receive a package from DHL or FedEx except for a problem with an address or other piece of data.

The message asked recipients to launch an attachment that could fix the problem, according to Commtouch.

The more recent wave created an exponential surge in the total volume of email with malicious attachments, from 814 million Aug. 6 to 15.2 billion six days later.

One program in every 14 launched or downloaded from the Internet turns out to be malicious, according to a recent study from iSEC Partners, but people keep clicking on them because they're convinced that one message must be clean, the study showed.

Convincing humans to open an attachment is much easier than fooling security software into believing it's not malicious, iSEC founding partner Alex Stamos told Network World.

If the pattern of emails and infections is consistent with the attacks in March, there will be several more decreasing waves of spam and resulting infections during the next several weeks.

Until then, given that the volume of malware increased at rates that require moving decimal points rather than multiplying by a couple of percentage points, it would probably save you a lot of time and effort to set your attachment-filters a little tighter, send out warnings about the package-scam attacks and get ready to quarantine and fix outbreaks from end users who never listen anyway.
