Eight times more malicious e-mail attachments spammed out in Q3 2008

Published 28 October 2008

Sophos reports identity thieves and hackers striking Windows users on all fronts; Russia becomes a more important player in the Dirty Dozen league of spam-relaying nations

IT security and control firm Sophos has released the results of its investigation into the latest spam trends and revealed the top twelve spam-relaying countries for the third quarter of 2008. The figures show an alarming rise in the proportion of spam e-mails sent with malicious attachments between July and September 2008, as well as an increase in spam attacks using social engineering techniques to snare unsuspecting computer users.

Sophos’s latest report reveals that one in every 416 e-mail messages between July and September contained a dangerous attachment designed to infect the recipient’s computer — a staggering eight-fold rise compared to the previous quarter, when the figure stood at only one in every 3,333 e-mails.

Sophos has identified that much of this increase can be attributed to several large-scale malware attacks made by spammers during the period. The worst single attack was the Agent-HNY Trojan horse, which was spammed out disguised as the Penguin Panic Apple iPhone arcade game. Other major incidents included the EncPk-CZ Trojan, which pretended to be a Microsoft security patch, and the Invo-Zip malware, which masqueraded as a notice of a failed parcel delivery from firms such as FedEx and UPS. Windows users opening any of these attachments exposed their PCs to the risk of infection and potentially put their identity and finances at risk. The most widespread attacks seen by Sophos are not designed to run on Unix and Mac OS X.

“For Apple Mac and Unix lovers, these major spam attacks just mean a clogged-up inbox, not an infected operating system. But organized criminals are causing havoc for Windows users in the hunt for cold hard cash,” said Graham Cluley, senior technology consultant at Sophos. “Too many people are clicking without thinking - exposing themselves to hackers who are hell-bent on gaining access to confidential information and raiding bank accounts. The advice is simple: you should never open unsolicited attachments, however tempting they may appear.”