Spam Attacks on the Rise in Q3
- By Jabulani Leffall
Identity thieves and hackers appear to be coming at Windows users from all
fronts, most commonly with spam. They were particularly active during the third
quarter of 2008, when they did it eight times more frequently than in the previous
quarter, according to a report
released Monday by Sophos.
The study found that one out of every 416 e-mails in Q3 contained bogus or
malicious attachments. This is up significantly from the period between March
and June, which tallied just one such e-mail for every 3,333.
"For Apple Mac and Unix lovers, these major spam attacks just mean a clogged-up
inbox, not an infected operating system. But organized criminals are causing
havoc for Windows users in the hunt for cold, hard cash," said Graham Cluley,
senior technology consultant at Sophos, in an e-mail to Redmondmag.com.
It's hard to get a clear read on the number of successful attacks because enterprises
don't want to tip their hand and embarrassed users aren't exactly chomping at
the bit to report these occurrences. But the Sophos report can't simply be dismissed
as an aberration or a marketing tool for anti-virus software; a separate report,
also released Monday, appears to confirm the pattern of spam growth.
Enterprise gateway security firm Secure Computing Corp.'s Q3
2008 Internet Threats Report found that spam volumes returned to record
highs in the quarter with "fairly steady monthly increases throughout the
summer." Over 5,000 new zombies were created every hour, according to Secure
Computing's report. Among the most common attacks were the Agent-HNY Trojan,
which was responsible for more than 25 percent of all e-mail attachment malware
in the quarter.
The EncPk-CZ Trojan is another example of the type of spam that seeps into
inboxes (one such malicious virus came disguised as a Microsoft
security patch). The Sophos report stated that EncPK strains accounted for
12 percent of all the disclosed e-mail-borne bugs over the past three months.
As for Secure Computing's study, the company said the increase in the spam
it tracked was due to malicious e-mails with the subject line "Your bank
has failed," "Breaking News," "Delivery Status Notification"
or "Election scoop" -- with the latter invariably mentioning the name
"Obama." It turns out that 80 percent of election-related spam currently
bears the Democratic presidential nominee's name. Secure Computing's TrustedSource
Labs estimates the number of worldwide U.S. election-related spam e-mails at
approximately 100 million messages per day.
Meanwhile, Sophos' Cluley said that hackers count on end users to "click
without thinking, thus exposing themselves to hackers hell-bent on gaining access
to confidential information and raiding bank accounts."
Jabulani Leffall is a business consultant and an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. He consulted for Deloitte & Touche LLP and was a business and world affairs commentator on ABC and CNN.