Infosecurity: Convergence of spam and viruses detected in new attack

Hackers have launched an attack that combines spam and viruses in a new global campaign, according to the latest report from MessageLabs.

The research, released at Infosecurity Europe 2007 in London, shows that for the first time the web security company intercepted emails that are both spam and contain a virus.

“Why use two emails when just one will do?” said Mark Sunner, chief security analyst at MessageLabs.  “Now we are seeing the bad guys layer on the threats – as if it’s not enough to just scam someone and fill their inbox with junk email, why not also infect and take control of their computer at the same time? 

“These latest techniques are part of a new boldness being shown by certain criminal gangs we are tracking.  These latest developments also serve to highlight that spam cannot be perceived as just a nuisance and it should be kept away from the desktop.”

The emergence of convergence techniques has seen a decrease in traditional virus and phishing threats, according to the report.  April saw a drop in phishing attacks compared with the previous month, with one in 416 emails containing a phishing message.  The number of attacks has fallen by 12 per cent - the lowest level seen since August last year.

The study also found that the latest strains of Zhelatin, also known as the Storm Worm, were being spammed out in stock pump-and-dump emails this month, which also contained links to malware being hosted on malicious websites.  Purporting to be a screensaver, the malware then drops the Zhelatin MeSpam engine onto the compromised computer.  Until now, new versions of Zhelatin have been distributed via botnets to create larger botnets for the purposes of spamming.






Sign up to our newsletters