Within the last month, a dramatic, large-scale spike in the volume of malicious spammed out email attachments has been discovered plaguing the World Wide Web. This abrupt spike was discovered by a computer security company called Commtouch. Commtouch is the original equipment manufacturer (OEM) for many of the well-known and respected brand names that deal with anti-malware protections and anti-spam precautions in the computer security industry. What Commtouch discovered was that some unknown entity, an individual or a group of some sort, has actively targeted millions of computer systems since August with spammed out emails that contain malware-laden attachments.
What is most striking about these raging, out of control spammed out emails and the infected attachments that they contain, is that they do not follow any pattern considered typical when dealing with spam, and this reality begs the question: why is this particular brand of spam being considered atypical?
Why Are the Involved Malicious Email Attachments, Themselves, Considered Atypical Spam?
From several different arenas within the online PC security industry, it has been reported that these malicious attachments are actually emails laced with malware; these malicious email messages and attachments comprise a direct malware assault that is being waged against millions of computer users worldwide. The extensively endemic and rampant nature of these malicious attachments poses a precarious and worry-inducing online security environment and situation, where malware is being distributed all over the world on a massive scale.
The usual pattern employed by malicious cyber spam-type scams is well known and has been seen hundreds of thousands of times. Lately, the typical pattern of malicious spammed out emails consists of bogus email messages that claim to contain all kinds of important details about your Skype account, Facebook page, Windows Live email, etc.; the list could go on and on. Most often, the ultimate purpose of these types of spam messages is either to turn a targeted system into a bot, increasing the potential spam distribution, or to serve as phishing scams that deceive and manipulate computer users into providing all types of personal information and financial data, which is always of a sensitive and confidential nature, to the cyber criminals behind the spam.
What’s more, in discussing this monstrous outbreak of malicious email attachments, Commtouch remarked that “In the past large malware outbreaks have resulted in the expansion of botnets which have then been used to send large volumes of spam. Malware distribution therefore aimed to increase spam distribution, but this does not seem to be the case now.”
The Numbers Don’t Lie
Credible computer security news outlets have provided significant statistics, which reveal that, since the infamous fall of the Rustock botnet earlier this year, in March, the overall levels of malicious spammed out attachments have decreased internationally; with this said, however, the volume of infected email attachments, the world over, has risen through the roof.
Evidence provided by Commtouch clearly shows just how markedly the number of malicious email attachments being sent out each day has risen.
At the beginning of August, the security company’s monitoring reports showed that anywhere from several hundred million to a couple billion malicious attachments were being spammed out each day. By August 8, the reported numbers skyrocketed to approximately 25 billion malware imbued emails a day.
In other words, from the first week to the second week of August, the reported number of malicious email attachments sent out daily rose exponentially, from two billion a day, at most, to somewhere around twelve times that amount.
The Computer Security Community’s Online Discussion of the Situation
With millions of computer systems being targeted all across the globe, the question of why there has been such a sudden and definitively noticeable increase in the number of malicious email attachments being sent out is one question that no one really seems to have an answer to.
This does not, however, mean that this question is not being thoroughly researched and widely debated. In fact, there have been many attempts within the online computer security community to hash out this question, in order to come to some kind of viable conclusion; a range of hypotheses has even been raised, but as of yet, it seems that there are no concrete answers.
The amount of work and effort that it takes to pull off such a massive-scale assault of infected spammed out email attachments is not minimal or insignificant. In fact, just the toil and labor required to create and design the email messages (the templates themselves), not to mention the overall themes of the scam, is quite involved. This led Commtouch to address the issue of the payoff for this huge spam scam, asking: what is the payoff, and where is it coming from?
Nobody seems to know; this question seems to be yet another of this story’s problematic queries without an obvious answer. Though they were clear on the point that they cannot be certain of any one, concrete answer, Commtouch willingly conjectured that the cyber-criminals behind these malicious attachments may plan to use the malware infections to increase the number of bots available on the Web for sending spam or launching distributed denial-of-service (DDoS) attacks. With this said, though, Commtouch also remarked that as plausible as this kind of payoff motivation may be, there have not been any reports regarding spam or DDoS that support this hypothesis.
Additionally, Commtouch also named authentication theft scams – such as those often employed to utilize various social networking accounts, messenger, or email – or financial fraud, of some kind, as other possible payoff schemes, but as is true of Commtouch’s previous theory about increasing the number of online bots available to aid with spam and/or DDoS, the security company also stated that no outside data provides any evidence attesting to irregular reports for these particular brands of cyber-crime.
Commtouch concluded their statements about this massive outbreak of malicious spammed out email attachments by noting that the company will continue to track the situation, provide the online cyber community with pertinent information about any updates or changes, and will keep the users up-to-date all throughout.
What the average computer user is left with, then, are some disturbing questions with no available answers; in a word, they are left with the unknown. For now, the online security industry is doing its best to keep its consumers informed, and ESG’s security analysts are strongly recommending that all users remain vigilant and wary against any kind of random or unknown email attachments. In addition, as always, it is also imperative to keep all security software, operating system software, as well as any other similar, vital system software updated and in check.