As the number of spam emails is going down, the number of messages with infected attachments is on the rise. According to Bitdefender, this means that spam is becoming more dangerous even though it is not as prevalent as in the past.
In the first month of the year, attachments containing malicious software saw a 4% increase over the same period last year, even though overall spam volume fell by more than 16% in the first three months of 2012. Of the 264.6 billion spam messages received daily, 1.14% contained attachments, and around 300 million were harmful.
The attachments found in these spam emails vary from phishing forms that try to trick users into typing in their credit card information to malware packs containing worms, Trojans and viruses that will give headaches to unwary users.
Engineers from Bitdefender are interested in finding out what kind of malware hits users' inboxes, so here is a “top five” of the malware most frequently attached to spam emails:
MyDoom, first seen in 2008, is a mass-mailer worm that still arrives in email inboxes. Once the text of the email convinces the user to run the attachment, the worm sends an email containing itself to every address it finds on the system, with different subjects and body tags.
MyDoom also deploys a backdoor so that a remote attacker can take full control of the infected computer. At the same time it updates a list of corrupted IPs, so that every infected system ends up in a database. This worm was used extensively in DDoS attacks targeting software producers and antivirus developers.
In third place we find Netsky, another mass mailer that, just like MyDoom, emails itself to all the addresses on the computer and also replicates via P2P, shared files or FTP. It also uses many different subjects, created to fool the victim into opening the message. If the attachment is run, the worm shows a message that appears to come from the installed AV solution, stating that no virus was found on the host.
Interestingly, Netsky never sends itself to addresses that contain words like antivirus or security.
In fourth place is Mytob, a worm that prevents users from connecting to many antivirus vendors' websites. At the same time it opens a backdoor for cybercriminals.
In fifth place is the Bagle worm, another mass mailer. It gathers email addresses and sends itself to all of them, and also downloads more addresses from a list found online. To get past the antivirus, it terminates the processes related to security solutions. After that it downloads and executes various files from underground websites.