Word of the Week – Malware

Malware, the combination of Malicious and Software, includes things like viruses, spyware, and Trojan horses that attempt to do something, in simple terms, really, really bad, like steal passwords and hijack personal computers to use in a botnet. Fraudsters try to get people to unwittingly install malware through web sites or by opening attachments in emails. This week saw a rise in email malware attacks that should put everyone on notice.

According to Symantec’s September 2011 Intelligence Report, email-borne malware tripled in September and a deadly strain that could mutate to avoid discovery by virus detection systems accounted for 72% of all email-borne malware. The key to its spread was the fact that it would spoof itself as an office printer with the subject line of “FW: Scan from a HP Officejet.” If anything this highlights that companies need a strong corporate policy on authenticating, and blocking any failures, from any source of email within the office, including things we don’t think about, like printers. If you’re looking for further education on authentication, Return Path is teaming with OTA for the OTA Training Academy and Forum. OTA is also giving Return Path fans and followers a 50% discount to attend (use the code OTARP). Read my colleague Tom Bartel’s latest post for more information.

The email community also appears to be under attack again with many email service providers and vendors receiving phishing messages purported to be transactional messages from Athleta. The links in the emails were actually executables that would have installed malware on the victims’ computer which then installs a keylogger to capture user names and passwords. Rebecca Herson from Commtouch has a great writeup including what the email looks like and what the malware is attempting to install. This is a must read.

The Department of Homeland Security and National Institute of Standards and Technology published a request for comments on a proposal that would allow ISPs to inform users on their network when they have been infected by malware, and even disable the user from the internet. Comcast and Cox are both currently doing this now, and Australia has launched a similar initiative with their iCode project. Privacy advocates warn that allowing this could have adverse affects, and may result in ISPs going beyond just malware detection and looking at surfing habits for example.

Have you seen an increase in emails containing malware, and how has your organization reacted to it? Leave your comments below!

Prev Next

minute read

Popular stories