'Naked Angelina' is a threat

CIOL Bureau

BANGALORE, INDIA: Secure Computing Corporation (SCUR) has come out with its second monthly report, which outlines the major spam waves of the month of July.

The Secure Computing TrustedSource Research Team detected a spam-based email attack that links to new Web-based malware and features news on Angelina Jolie as bait. Both the Web and email campaigns were detected jointly by Secure Computing's Secure Web (Webwasher) and Secure Mail (IronMail) products, and successfully correlated by the company's global reputation system, TrustedSource.

On average, about 2.28 percent of the total global daily email volume contains subjects like "Angelina Jolie naked," "Angelina Jolie nude movie," and "Angelina Jolie naked video." Approximately 100,000 unique IP addresses were identified as responsible for this spam on the first day of its outbreak.

The "Angelina Jolie" spam campaign contains a URL linked to an executable binary, mostly seen as msvideoc.exe hosted at multiple domains. Secure Web's proactive scanning engine identified it as "Trojan.Crypt.XPACK.GEN," and both Secure Web and Secure Web Protection Service users were protected from the beginning.

Another trend the company has noticed is steady waves of mass-mailings hitting users' inboxes with fake invoices. For example, fake UPS messages claimed that a package couldn't be delivered and was returned, and instructed the user to print an attached invoice, which contained malware.

A number of these spoofs have been seen in the wild. Examples include one German-language threat claiming to be an invoice from PayPal Europe, while another pretended to be from the U.S. Customs Service.

For a few days in the third week of July, there was a new variant of the email that delivers the Storm Trojan. This one announced that the "Amero" would replace the U.S. dollar.


The email reached its recipients with a subject line similar to: "The AMERO currency replacing the Dollar." The email instructed the recipient to click on a URL that displayed a Web page containing the following:

"The U.S. Government began to realize the plan to replace the Dollar with the "Amero," the new currency of the North American Currency Union. Canada, the United States of America and Mexico have resolved to unit in order to resist the Worldwide Financial Crisis. You can become acquainted with the plan of the implementation of Amero, just click on the icon under this text."

Another trend was the decline of SPF/DKIM use among Fortune 500 companies.

For those not familiar with Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM), these are two forgery countermeasures that can be used by anyone looking to protect the integrity of their outgoing electronic correspondence (email). SPF and DKIM let a recipient's email server determine whether a particular sender was authorized to send email on behalf of the company's domain.

This is done without divulging any information about the message that was sent and can be very effective at fighting spam, phishing and other forms of spoofing. In order for the recipient to identify a forgery, their mail server must be running software that supports SPF or DKIM lookups (such as Secure Mail).

A Letter to Administrators: Be Aware of a Dangerous Virus Vector Technique


This month Secure Computing's Research Team saw the lowest point for spam volume likely to be seen for the rest of the year. If the traffic volume grows at a rate comparable with previous years, then we can expect to see overall volumes rise by roughly 110 percent from their low point around the second week in July to a high point expected to crest sometime around the end of October or beginning of November, where it will remain steady for a few months.

This growth period will likely be seeded by consistent virus outbreaks that will dot the initial couple of months. The surprising success of the recent virus outbreaks is putting traffic about five to seven days ahead of schedule for where it is expected to be, so Secure Computing will be watching to see if perhaps there's an extra-fertile Internet. Our current global volumes are still beneath the historic highs reached in the second week of March, and we shouldn't cross that threshold again until around the end of August.

Though growth patterns on a global scale are expected to stay roughly linear, the effect on individual domains tends to occur in bursts. It is not uncommon to see some companies experience a doubling of their traffic within a week, while others remain unaffected. This has been observed many times in the past, but a concrete and defensible hypothesis for predicting this phased growth on an individual basis is still lacking.


Based on observed trends in the recent virus outbreaks, we can expect a number of these virus vectors to consist of no more than basic URL links to infected sites. By not attaching the virus payload to the email, the intent is to avoid preliminary antivirus-signature detection at the gateway and instead directly challenge the local workstation antivirus through the susceptibility of a bored employee hoping to "accidentally" see some inappropriate pictures. Conceptually it seems like a winning play.
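The two delivery patterns the report describes, an attached "invoice" that is really an executable and a bare link to an executable such as msvideoc.exe, can both be caught at the gateway with a content check that does not depend on a virus signature. The following is an added example written for this article, not code from Secure Computing's products; the sample messages are constructed here (hosts under the reserved .invalid TLD, a fake attachment body that is not a real binary) and the extension list is an assumption a deployment would tune. It walks each MIME part, flags attachments with executable extensions, and extracts URLs from text parts to flag those whose path ends in an executable.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumed list of extensions treated as directly executable; tune per site.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _has_exec_extension(name):
    """True if a filename or URL path ends in an executable extension."""
    name = name.lower().rstrip(".,;)")  # strip trailing punctuation from prose
    return any(name.endswith(ext) for ext in EXEC_EXTENSIONS)


def scan_message(raw):
    """Return a list of (indicator, detail) findings for one RFC 5322 message.

    Indicators: "executable_attachment" (the fake-invoice pattern) and
    "link_to_executable" (the URL-only pattern that carries no payload).
    """
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename and _has_exec_extension(filename):
            findings.append(("executable_attachment", filename))
        if part.get_content_type() in ("text/plain", "text/html"):
            for url in URL_RE.findall(part.get_content()):
                if _has_exec_extension(urlparse(url).path):
                    findings.append(("link_to_executable", url))
    return findings


# --- constructed sample messages (not real captures) ---------------------

def _build_link_sample():
    m = EmailMessage()
    m["Subject"] = "Angelina Jolie naked video"
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m.set_content("Watch it here: http://downloads.example.invalid/msvideoc.exe\n")
    return m.as_string()


def _build_attachment_sample():
    m = EmailMessage()
    m["Subject"] = "UPS Delivery Problem"
    m["From"] = "noreply@example.invalid"
    m["To"] = "user@example.invalid"
    m.set_content("Your package could not be delivered. Print the attached invoice.\n")
    # Placeholder bytes, not a real executable; only the filename matters here.
    m.add_attachment(b"MZ placeholder - constructed, not a real binary",
                     maintype="application", subtype="octet-stream",
                     filename="invoice.exe")
    return m.as_string()


def _build_clean_sample():
    m = EmailMessage()
    m["Subject"] = "Weekly newsletter"
    m["From"] = "news@example.invalid"
    m["To"] = "user@example.invalid"
    m.set_content("Read this week's summary: http://www.example.invalid/news/july\n")
    return m.as_string()


SAMPLE_LINK = _build_link_sample()
SAMPLE_ATTACHMENT = _build_attachment_sample()
SAMPLE_CLEAN = _build_clean_sample()

if __name__ == "__main__":
    for label, raw in [("link", SAMPLE_LINK), ("attachment", SAMPLE_ATTACHMENT),
                       ("clean", SAMPLE_CLEAN)]:
        print(label, scan_message(raw))
```

A check like this complements rather than replaces signature scanning: it fires on the delivery technique (an executable reachable by a click) instead of on the specific binary, so a repacked payload or a freshly registered hosting domain does not evade it. It does not look inside archives, so a zipped executable would need a separate rule.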
