Attachment-based threats on increase
In recent years, the number of threats spread via email attachment has declined.
Emails with infected attachments (average), by year:
2005 1 in 44
2006 1 in 337
2007 1 in 909
2008 1 in 714
However, while web-based threats have tended to dominate the malware agenda in the last 12 months, there were five times as many malicious email attachments at the end of 2008 as at the beginning.
The increase is most apparent when shown by month – from a low of 1 in 3333 in the first quarter of the year to a high of 1 in 200 by September.
Percentage of infected email attachments in 2008, month by month:
Jan 0.05% (1 in 2000)
Feb 0.04% (1 in 2500)
Mar 0.03% (1 in 3333)
Apr 0.04% (1 in 2500)
May 0.03% (1 in 3333)
Jun 0.03% (1 in 3333)
Jul 0.05% (1 in 2000)
Aug 0.17% (1 in 588)
Sep 0.50% (1 in 200)
Oct 0.39% (1 in 256)
Nov 0.26% (1 in 384)
Sophos identified that much of this increase can be attributed to several large-scale malware attacks made by spammers from August 2008 onwards. High-profile attacks during this period included the Invo-Zip Trojan horse, which masqueraded as a notice of a failed parcel delivery from firms such as FedEx and UPS [10]; the Agent-HNY Trojan, which was spammed out disguised as the Penguin Panic Apple iPhone arcade game [11]; and the EncPk-CZ Trojan, which pretended to be a Microsoft security patch [12].
Top 10 email attachment-based malware for 2008:
Troj/Agent 31%
Troj/Invo 18.1%
Mal/EncPk 13.8%
W32/Netsky 4.4%
Troj/Pushdo 4.3%
Troj/Doc 2.9%
Troj/FakeVir 2.2%
Mal/Iframe 1.8%
Troj/VidRar 1.6%
Troj/DwnLdr 1.5%
Other 18.4%
The scale of the email attacks in the second half of 2008 can be seen in the Pushdo Trojan [13] (which posed as naked pictures of Angelina Jolie and Nicole Kidman): it accounted for 31 percent of all reports in the first half of the year, yet stands at only 4.3 percent in the full-year chart above.
Troj/Agent’s and Troj/Invo’s rapid dominance of the email attachment-based malware chart – accounting for almost 50 percent – is notable for outstripping the Netsky worm, which has consistently plagued the higher positions of the chart since it was released in early 2004 [14]. Whereas Netsky contains self-replicating code to duplicate itself and spread across the internet, the Agent and Invo Trojans cannot travel under their own steam but rely on spam – usually from a compromised computer.
Malicious links
As well as using malicious email attachments, cybercriminals continue to embed malicious links in emails and spam out creative and timely attacks designed to prey on users’ curiosity.
For example, in August 2008 Sophos warned of a widespread wave of spam messages claiming to be breaking news alerts from MSNBC and CNN [15]. Each email encouraged users to click on a link to read the news story, but instead took them to a malicious webpage that infected Windows computers with the Mal/EncPk-DA Trojan.
In September 2008, an email was widely spammed containing a link to what was said to be a pornographic video of US presidential candidate Barack Obama [16]. However, the webpage really installed the Mal/Hupig-D malware.
On the day after Obama’s presidential victory, another spammed-out malware campaign invited recipients to click on a web link to watch a video of the successful Democratic candidate [17]. In reality, visiting the website could lead to information being stolen from the victim’s computer and sent to a server in Kiev in the Ukraine.
Sophos.com
