View All Spam

Massive Rise in Malicious Spam

By Rodel Mendrez  •  August 16th, 2011  •   Spam

In April this year, we reported on a spike in malicious spam. Yes, that was a significant increase but not as massive as we have observed this week. From the beginning of August, we have observed a huge surge of malicious spam which far exceeds anything we have seen over the past two years, including prior to the SpamIt takedown last October. The majority of the malicious spam comes from the Cutwail botnet, although Festi and Asprox are among the other contributors.

 

Last week malicious spam made up at least 13% of the total spam volume we received which is unusual. Yesterday that number spiked to 24%.

Spam by category as of last week

Four of the campaigns, which we identified as originating from the Cutwail botnet are mostly recycled spam themes – Fedex, credit card, changelogs and invoices. The malware is attached within a compressed ZIP archive and is a Trojan that downloads additional malware including Fake AV, SpyEye and the Cutwail spambot itself.

Fedex

Fedex Spam Campaign

Credit Card Blocked

Credit Card Blocked spam campaign

Invoice

Invoice spam campaign

Change Log

Change Log spam campaign

 

Meanwhile, Asprox is continuing to send out malicious hotel transaction spam. The attached malware in this spam campaign installs a password stealer and Fake AV.

Sample of malicious spam sent by Asprox

 

The Festi botnet has also joined the fray and is sending a malicious “UPS” campaign that distributes the Chepvil Trojan, a downloader that is also installing Fake AV.

UPS spam campaign sent by Festi

This is an epic amount of malicious spam. After multiple recent botnet takedowns, cyber criminal groups remain resilient, clearly looking to build their botnets and distribute more fake AV in the process. It seems spammers have returned from a holiday break and are enthusiastically back to work.

Tags:    |    |    |  

Comments are closed.