The danger behind low-volume email attacks
Posted on 08.10.2012
"Broad [email spam] campaigns often spoof notifications from well-known businesses, establishments, organizations, and agencies, and are very widespread these days. However, smaller volume campaigns sometimes can be as (or even more) dangerous by bypassing the victim's defenses," Websense researchers warned on Friday.


The malicious payloads these emails carry are often not initially detected by AV solutions. Because the volumes of these campaigns are small and the contents of the emails are so similar to those of typical business emails (quotations, payments, orders, supply, etc.), network behavior detection, reputation evaluation and antispam rules often fail to recognize the emails as malicious spam.


The malicious attachments are more often than not Zeus variants. They usually take the form of archive files (ZIP, RAR, etc.) and most often pose as scans of a document.

It's hard to say what users can do to keep safe from these attacks. The emails are unsolicited but that is not at all unusual when someone wants to do business with a company.

The emails purportedly come from individuals from all over the world, so grammatical and language errors are not as suspect as they would be in a formal or template email from a well-known company or service.

Checking the attached file with VirusTotal or their own AV solution can provide a false sense of security because, at the beginning, the files are not detected as carrying malware.

It seems that, in cases such as these, other, more complex solutions are required to keep safe - solutions that analyze and discover suspicious patterns in the content body, message attributes, embedded links, and more.
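One message-attribute check of the kind described above, shown as an added example (it is not from Websense or the original article): open ZIP attachments and flag members with executable extensions, which works without any AV signature. The function names, the extension list and the sample email are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as executable; this list is not from the article.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}


def triage_attachments(raw_message: bytes):
    """Return (attachment, member, reason) findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        # Only ZIP is opened here; RAR needs a third-party parser.
        if os.path.splitext(fname)[1].lower() != ".zip":
            continue
        data = part.get_payload(decode=True) or b""
        try:
            archive = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            # A .zip that cannot be parsed cannot be inspected, so surface it.
            findings.append((fname, "", "unreadable archive"))
            continue
        for member in archive.namelist():
            # The last extension decides how the file runs, so "x.pdf.exe" is flagged.
            if os.path.splitext(member)[1].lower() in EXECUTABLE_EXTS:
                findings.append((fname, member, "executable inside archive"))
    return findings


def build_sample(member_name: str) -> bytes:
    """Constructed sample: a business-style email with a ZIP 'scan' attached."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder bytes, not malware")
    msg = EmailMessage()
    msg["From"] = "sales@supplier.example"
    msg["To"] = "accounts@company.example"
    msg["Subject"] = "Quotation - scanned copy attached"
    msg.set_content("Please find the scanned order attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="scan_0012.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage_attachments(build_sample("scan_0012.pdf.exe")))
```

A finding here is a reason to quarantine the message for review; an empty result only means this one check found nothing.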





