Security Experts:

Connect with us

Hi, what are you looking for?



Spam Laced With Malicious Links Jumps: Symantec

Researchers at Symantec say they have noticed an uptick of attackers relying on malicious links as opposed to attachments in order to infect users.

Researchers at Symantec say they have noticed an uptick of attackers relying on malicious links as opposed to attachments in order to infect users.

According to Symantec, since late November there has been a spike in the number of malicious emails using this tactic. In October only seven percent of malicious spam emails contained links. In November, that number jumped to 41 percent.

“While many malicious emails come with an attachment, organizations can block and filter these types of messages,” Symantec researchers noted in a blog post. “Symantec believes that the Cutwail botnet (Trojan.Pandex) is behind some of the recent spam messages, along with other botnets, and that attackers have resorted to using links in a bid to avoid email security products that scan for malicious attachments.”

During the last few weeks, spammers have been blasting out social engineering-themed messages such as emails about fax and voicemail notifications. These emails may contain information typically included in legitimate fax and voicemail messages such as a caller ID or confirmation number, but the information itself is fake. 

“The common thread in each email is that they contain links,” according to Symantec. “These links use hijacked domains and have a URL path that leads to a PHP landing page. If the user clicks on the links, they are led to a malicious file. In particular, we have seen Downloader.Ponik and Downloader.Upatre being used in these emails. These are well-known Trojans that are used for downloading additional malware onto compromised computers, including information stealers like Trojan.Zbot (also known as Zeus).”

Researchers have seen a number of subject lines used, including: MyFax message from *unknown* – 3 pages; Fax Message and Fax Message #[RANDOM NUMBER].

“Earlier in November we witnessed a similar campaign based around fake telecoms bills written in German,” according to the researchers. “These emails reported that the receiver had recently run up a large mobile phone bill. The goal was to get the receiver to click on the link to find out more about what appeared to be a billing mistake.”

“This recent shift away from malicious attachments towards malicious links is a reminder that security is a game of cat and mouse,” the researchers noted. “Spammers try to gain the upper hand while mail security products implement detections against these shifts.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.