Malware Sent Via Spam Email Messages is on the Rise

by Christopher on April 13, 2011

While spam is widely regarded as mostly a nuisance, the malicious ways in which it is employed are continually expanding and evolving. A growing concern among email security companies is the inclusion of malware in spam email messages. In 2010, 2.2 percent of all email contained a malicious attachment, on average, as reported by web security company Kaspersky Lab. Although this number may not sound particularly menacing, consider that it was at only 0.85 percent the previous year. The inclusion of malicious files in spam peaked in August, hitting 6.3 percent of all email for the month.

Malware is being delivered via spam email to unsuspecting people in two basic ways: either it’s included in an attachment and installed when the recipient opens that attachment, or the recipient follows a link in the body of the email that takes them to a location from which they inadvertently download the malicious files. The latter is often accomplished by spammers who send email that resembles legitimate correspondence from trustworthy senders.

By far the most common malicious file sent out via spam email messages in 2010, accounting for 11.19 percent of all such files, was Trojan-Spy.HTML.Fraud.gen. Its primary purpose was to acquire recipients’ personal data. The second most common was Trojan-Downloader.JS.Pegel.g, which arrived as an HTML attachment containing a Trojan and a redirect to a malicious web page. It accounted for 2.96 percent of the year’s malicious programs distributed by way of spam email messages.

Other top 10 malware in this category for 2010, in order of prevalence, included the ominous-sounding Email-Worm.Win32.MyDoom.m, Trojan.Win32.Pakes.Krap.x, Worm.Win32.Mabezat.b, Email-Worm.Win32.NetSky.q, Trojan-Downloader.Win32.Agent.dlhe, Trojan.Win32.Pakes.Katusha.o, and Trojan-Downloader.Win32.FraudLoad.hbf.

The entries containing “Krap,” no pun intended, were primarily used to propagate the notorious Zbot/Zeus Trojan horse file, as well as malware called FraudTools and Iksmas. Other entries spread these and similar malicious files, along with a variety of others, including the fake antivirus programs known as rogue AVs.

More than 15 percent of 2010’s malware delivered in spam email messages was based on zero-day vulnerabilities. These are security flaws in programs that have yet to be discovered and remedied by the programmers responsible for them. Malware attached to spam email messages targeted users in the United States more than anywhere else, followed fairly closely by users in Germany, Great Britain, and Japan. Spain, Taiwan, India, France, Italy, and Vietnam make up the rest of the top 10 list of countries targeted by email-based malware attacks.

The inclusion of malicious files in spam email is on the rise. Industry experts are confident that this upward trend will continue through 2011 and in subsequent years. Increasingly, spam is transitioning from an annoyance and a drain on time and resources to a serious threat to the unsuspecting and unprotected.

Email users should only open expected attachments from known senders. Don’t follow links in unsolicited email, either; there’s a good chance they won’t take you where you think they’ll take you. When you need to follow up on an email, close the message and go directly to the relevant site by typing the URL into your browser’s address bar. And of course, the safest route is to use leading anti-spam filtering technology and virus protection.

Posted in: Malware
