The spam trend continues: more and more malware

In October we saw a lot of spam carrying malware and, given the speed with which the emails and the malware were detected, we all thought that it would stop soon.

Looking at the first 3 days of November, we have observed that the trend has not actually changed. We did notice changes in the social engineering techniques used to advertise the various malware, though.

We have the good old tricks:

- the notification “Attachment: no virus found” (detected as TR/Netsky.HB),
- “promised photos” from the last holidays (detected as TR/Crypt.ZPACK.Gen),
- the boss sending a letter (detected as BDS/Small.ZO Backdoor server),
- an undelivered DHL package (detected as TR/Crypt.ZPACK.Gen),
- and of course the Facebook password change request (current versions detected as BDS/Small.ZO Backdoor server).

Apart from these malware emails, which make up more than 60% of the spam we have received so far, the trend is constant: spam mails concerning online casinos, online pharmacies and various replicas clog up the inboxes.

If the trend from last year is repeated this year, then we should start to see a lot more spam spreading malware and phishing soon. Last year’s November was pretty busy, but we recorded a very relaxed December.

All of the above mails are detected by our Antispam engine as spam and by the Antivirus engine as already described. Avira users are thus well protected.

Sorin Mustaca
Manager International Software Development