Email messaging and Web security solutions firm AppRiver, its mid-year Threat and Spamscape report, noted a significant uptick in malware-laden messages during the first half of this year.
The report, which focuses on spam and malware trends, showed strong continued appearances of popular malware including Zeus, SpyEye, and the Blackhole toolkit, and a rise in mobile malware—echoing other recent vendor reports.
“We have noticed an increase in both the volume and the quality of emails with malicious URLs,” said Fred Touchette, senior security analyst at AppRiver. “Not only are there more of them, they are also using more sophisticated graphics that look very similar to the graphics of their legitimate counterparts. This makes it much easier to trick people into revealing their personal information such as bank account numbers.”
The company, which protects over 45,000 customers totaling more than 8 million mailboxes, highlighted several trends that it saw during the first six months of 2012, including:
• Surge in Smartphone Spam: With smartphone use on the rise, spammers are using text messaging to trick smartphones users into clicking on malicious links or responding to them. Similar to the nefarious practice called, “Pay Per Install,” text spammers try to lure users into installing software and then make money off each installation and/or steal personal information.
• Traditional Email Spam – AppRiver said spam levels were on the decline during the first 5 months of the year but in June, started to pick back up and be the first month over month rise in spam of 2012.
• Zeus Continues its Reign: Campaigns purporting to be banking security updates continue to target email users. Just recently, Zeus donned a new avatar to dupe unsuspecting recipients. This new version of the Trojan conveyed a “Credit Notification” from Wells Fargo informing recipients that their accounts had been credited $11,000.00. To convince users of its legitimacy, the authors attached details of the transaction in a file suitably named “transaction&details.zip.” Once executed, the attachment embedded itself on the victim’s machine and stole bank credentials.
• Blackhole Toolkit Gaining Traction: In addition to Zeus, the Blackhole crime toolkit quickly made its way among the heavy hitters during the first half of 2012. Sold on the underground forums for cheap, the Blackhole toolkit is readily available and can be leveraged to create a foothold by installing the Zeus Trojan on many machines.
• Cyber Espionage: In the wake of Stuxnet and Duqu worm discoveries, another very complex piece of code was recently discovered that targeted the Middle East and North Africa. The virus, dubbed “Flame,” marked a new era in cyber warfare demonstrating how unique, hard-to-detect cyberweapons can be successfully deployed against nation states.
“So far in 2012 we’ve already witnessed a great amount of activity targeting many facets of all of our everyday lives,” the company noted in a blog post. “We’ve seen some minor wins for the good guys in the face of some major adversity from the bad guys. We’ve also witnessed the uncovering of a few apparent government sponsored cyberattacks that have really made people sit up and notice.”
AppRiver’s Threat and Spamscape report for the first half of 2012 is available here in PDF format.
