The volume of malware attacks conducted via e-mail attachments increased about 800 per cent over the past three months as this low-grade hacking method was brought back from the grave, according to a U.K.-based security vendor.
This reverses an earlier trend. Previously, malware trends indicated hackers were moving away from sending infected attachments. Most attacks were carried out by embedding links to viruses or Trojans right into the e-mail.
One malicious e-mail attachment posed as an iPhone game.
The U.S. remains the biggest source of spam in the world.
It was a strategy to get around anti-spam filters that have become effective at blocking malware attachments.
But between July and September, the e-mail attachment method made a comeback.
One in every 416 e-mail messages contained a dangerous attachment – an eightfold increase of one in every 3,333 messages for the previous quarter, according to Sophos PLC.
The rise was largely due to a single massive e-mail spam campaign coordinated by a hacker group, says Graham Cluley, senior technology consultant at Sophos. The campaign featured an e-mail with an attachment masquerading as the Penguin Panic game for Apple’s iPhone.
“It didn’t use sex, it didn’t use money, it used the buzz around the iPhone, the one gadget that everyone wanted,” he says.
Windows users who clicked on the attachment actually downloaded the malware Agent-HNY. The Trojan opens the floodgates for other malware to infect users, leaves them open to identity theft, and turning their computer into a “zombie” – that sends out spam messages to those on contact lists. The attack accounted for over one-quarter of all malware attachments e-mailed over the quarter.
While “zombie” is the term for a computer that has been infected and starts sending out spam messages, the zombie-like behaviour of e-mail users is partly to blame for the rise in attacks. Security vendors can work as hard as possible to guard against Internet threats, but it’s all for nothing if end-users aren’t installing it.
“The vendors are working very hard, but there’s a disconnect with the end user,” says Baha Habashy, founder of Integrity+ Consulting in Markham, Ont.
The consulting firm advises businesses on e-mail management.
To prevent your office computers from being infected by simple e-mail attacks, try creating a cheat sheet for employees to stick on their cubicle walls, he suggests. The first point should advise employees to never give their e-mail away in exchange for the promise of something free.
“Nothing is free and the people offering you freebies are looking to get your e-mail address.”
Another tip, Habashy says, should be to create an e-mail rule that alerts the user when software updates are available for end-point security and anti-spam software. That will make them harder to ignore.
Sophos’ Cluley notes that computer security is as much about user education as it about having the right technology.
Effective spam attacks often tap into an e-mail recipient’s emotional side to elicit a click – using sex and money are prime examples.
E-mails promising lurid videos of Angelina Jolie and a fake notice of charges to a personal credit card are two examples, according to Cluley. These attacks were effective over the last three months.
“We can put in security [products] to intercept the malware and spam, but we can’t upgrade the human brain,” he says. “People continue to fall for the same trick that they did 10 years ago.”
Attaching a virus to an e-mail and massively sending it out is a hacker attack that’s been around almost as long as e-mail itself. The last quarter saw the highest levels of this activity since February, 2007. It’s a dramatic rise in the amount of e-mail spam.
Sophos recommends that companies devise a way to automatically update corporate virus protection and run a security check at e-mail and Web gateways.
Mississauga, Ont.-based Jovian Technology Inc. has a similar approach with its e-mail server appliance. The company provides all the service and maintenance needed for the box, and the server also automatically upgrades its anti-virus protection engine from ClamAV.
“Everything is automatic out of the box,” says Eric Wong, business development with Jovian. “All the intelligence is in the box itself.”
He says the spam filter product automatically renames potentially dangerous e-mail attachments to prevent them from being launched too easily. For example, a .exe file will be renamed to a _exe file instead. That prevents it from being executed with a single double-click.
The U.S. is still the number one source for spam in the world, responsible for nearly one-fifth of all spam e-mail sent over the quarter, according to Sophos.
But Russia saw the greatest rise in spam messages sent. The amount of spam originating from Russia doubled to just over eight per cent.