March saw a 400% increase in spam e-mails with attached malware. In several incidents, spammers appeared to use the credentials of UPS’s online parcel tracking service to make recipients download attached zip files which turn into executable malware.
This is one of the findings of Cyberoam’s April 2011 Internet threats trend report prepared in collaboration with Commtouch.
The UPS malware, once executed, mails out further copies of itself, downloads additional files and, according to some reports, steals banking credentials.
In a separate PDF malware incident, the body of the e-mail describes the PDF attachment as coming from “Xerox WorkCentre Pro”, a well-known copier/scanner/printer used in offices. Cyberoam detected this malicious PDF as PDF/Expl.IQ.
Abhilash Sonwane, senior vice-president: product management at Cyberoam, comments: “We believe the current outbreak of email malware represents an advanced form of social engineering attacks – this time, malware authors are really targeting the minds of the recipients. When e-mail users receive notifications from well-known entities like UPS and Xerox with subject lines familiar to them, they are likely to drop their guard down and become victims.”
According to the report, cybercriminals are also leveraging forum sites, especially those of free online dating services, using keywords like “Russian bride” to hide phishing pages or malware. In addition, for the first time in over a year, pornographic and sexually explicit sites have been displaced by parked domains and spam sites as the most compromised categories of sites.