Report: Malicious spam spikes in the enterprise
Cyber criminals are increasingly turning to spam as a means of infecting computers, according to a new report from IT security and control firm Sophos.
The Boston-based firm found an eight-fold increase in the number of spam emails containing dangerous attachments that were sent to business organizations between July and September 2008. The Q3 Dirty Dozen spam report not only documents an alarming rise in the proportion of spam emails, but an increase in spam attacks using social engineering techniques to snare unsuspecting computer users, according to Sophos senior technology consultant Graham Cluley.
The survey found that one in every 416 emails contained a dangerous attachment designed to infect the recipient's computer. That number is up from only one in every 3,333 the previous quarter, said Cluley.
Much of the increase is due to several large-scale malware attacks made by spammers during the period, he said. The worst single attack was the Agent-HNY Trojan horse, which was sent disguised as the Penguin Panic arcade game for Apple iPhones. Other major incidents included the EncPk-CZ Trojan, which pretended to be a Microsoft security patch, and the Invo-Zip malware, which masqueraded as a notice of a failed parcel delivery from firms such as UPS.
"While many people may know better than to click on an attachment that says 'sexy pictures', these new tactics are more alluring," said Cluley "Too many people are clicking without thinking -- exposing themselves to hackers who are hell-bent on gaining access to confidential information and raiding bank accounts."
Spammers continue to embed malicious links and spam out creative and timely attacks designed to prey on users' curiosity, said Cluley. In August, a wave of spam messages claimed to be breaking news alerts from MSNBC and CNN. Each email encouraged users to click on a link to read the news story, but instead took unsuspecting users to a malicious webpage which infected Windows PCs with the Mal/EncPk-DA Trojan horse.
"When a spam email appears to come from a trusted source, too many users are fooled and end up clicking through to a malicious webpage," said Cluley.
Education continues to be key to preventing infection, said Cluley, who encouraged business organizations to give users initial and also refresher instruction on avoiding suspicious emails.
"The advice is simple: you should never open unsolicited attachments, however tempting they may appear," he said.
The United States remained in the number one spot for relaying spam across the globe, generating 18.9 percent of the malicious emails. Russia has increased its contribution to the world spam problem, soaring from 4.4 percent last year, to 8.3 percent during this time period, according to the report. Turkey, China and Brazil were the other countries on the top-five spam relaying list.
» posted by ITworld staff
CSO
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Sophos
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
