Security Experts:

Connect with us

Hi, what are you looking for?



Spam Laced With Malicious Links Jumps: Symantec

Researchers at Symantec say they have noticed an uptick of attackers relying on malicious links as opposed to attachments in order to infect users.

Researchers at Symantec say they have noticed an uptick of attackers relying on malicious links as opposed to attachments in order to infect users.

According to Symantec, since late November there has been a spike in the number of malicious emails using this tactic. In October only seven percent of malicious spam emails contained links. In November, that number jumped to 41 percent.

“While many malicious emails come with an attachment, organizations can block and filter these types of messages,” Symantec researchers noted in a blog post. “Symantec believes that the Cutwail botnet (Trojan.Pandex) is behind some of the recent spam messages, along with other botnets, and that attackers have resorted to using links in a bid to avoid email security products that scan for malicious attachments.”

During the last few weeks, spammers have been blasting out social engineering-themed messages such as emails about fax and voicemail notifications. These emails may contain information typically included in legitimate fax and voicemail messages such as a caller ID or confirmation number, but the information itself is fake. 

“The common thread in each email is that they contain links,” according to Symantec. “These links use hijacked domains and have a URL path that leads to a PHP landing page. If the user clicks on the links, they are led to a malicious file. In particular, we have seen Downloader.Ponik and Downloader.Upatre being used in these emails. These are well-known Trojans that are used for downloading additional malware onto compromised computers, including information stealers like Trojan.Zbot (also known as Zeus).”

Researchers have seen a number of subject lines used, including: MyFax message from *unknown* – 3 pages; Fax Message and Fax Message #[RANDOM NUMBER].

“Earlier in November we witnessed a similar campaign based around fake telecoms bills written in German,” according to the researchers. “These emails reported that the receiver had recently run up a large mobile phone bill. The goal was to get the receiver to click on the link to find out more about what appeared to be a billing mistake.”

“This recent shift away from malicious attachments towards malicious links is a reminder that security is a game of cat and mouse,” the researchers noted. “Spammers try to gain the upper hand while mail security products implement detections against these shifts.”

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.