Word of the Week – Malware

Malware, the combination of Malicious and Software, includes things like viruses, spyware, and Trojan horses that attempt to do something, in simple terms, really, really bad, like steal passwords and hijack personal computers to use in a botnet. Fraudsters try to get people to unwittingly install malware through web sites or by opening attachments in emails. This week saw a rise in email malware attacks that should put everyone on notice.

According to Symantec’s September 2011 Intelligence Report, email-borne malware tripled in September, and a deadly strain that could mutate to avoid discovery by virus detection systems accounted for 72% of all email-borne malware. The key to its spread was that it spoofed an office printer, using the subject line “FW: Scan from a HP Officejet.” If anything, this highlights that companies need a strong corporate policy on authenticating email from every source within the office, including things we don’t think about, like printers, and blocking anything that fails. If you’re looking for further education on authentication, Return Path is teaming with OTA for the OTA Training Academy and Forum. OTA is also giving Return Path fans and followers a 50% discount to attend (use the code OTARP). Read my colleague Tom Bartel’s latest post for more information.
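As an added illustration of the "authenticate and block failures" policy above (not code from Symantec or Return Path): a filter that reads the Authentication-Results header written by the receiving gateway and fails closed for mail claiming to come from the office's own domain. The domain `corp.example`, the gateway id `mx.corp.example`, the use of DMARC as the deciding check, and the sample messages are all assumptions; it also assumes the gateway strips inbound headers that already carry its own id.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV_ID = "mx.corp.example"  # assumption: our own inbound gateway
INTERNAL_DOMAINS = {"corp.example"}      # assumption: domain office devices send as

def auth_results(msg):
    """Map method -> result, using only Authentication-Results headers stamped
    by our gateway; a header with any other authserv-id may be forged."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(header).split(";")]
        if parts[0].split()[:1] != [TRUSTED_AUTHSERV_ID]:
            continue
        for part in parts[1:]:
            m = re.match(r"([a-z]+)\s*=\s*([a-z]+)", part, re.I)
            if m:
                results[m.group(1).lower()] = m.group(2).lower()
    return results

def verdict(raw):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    dmarc = auth_results(msg).get("dmarc")
    if domain in INTERNAL_DOMAINS:
        # Fail closed: SPF alone can pass for the attacker's own envelope
        # domain, so mail claiming to be internal needs an aligned DMARC pass.
        return "deliver" if dmarc == "pass" else "block"
    return "block" if dmarc == "fail" else "deliver"

def sample(from_addr, auth_header):
    """Build a constructed test message (not a captured sample)."""
    return (f"From: {from_addr}\n"
            "Subject: FW: Scan from a HP Officejet\n"
            f"Authentication-Results: {auth_header}\n"
            "\nconstructed body\n")

PRINTER = "HP Officejet <scanner@corp.example>"
SPOOFED = sample(PRINTER, "mx.corp.example; spf=pass smtp.mailfrom=bulk.invalid;"
                          " dkim=none; dmarc=fail header.from=corp.example")
GENUINE = sample(PRINTER, "mx.corp.example; spf=pass smtp.mailfrom=corp.example;"
                          " dmarc=pass header.from=corp.example")
FORGED = sample(PRINTER, "mx.attacker.invalid; dmarc=pass header.from=corp.example")

if __name__ == "__main__":
    for name in ("SPOOFED", "GENUINE", "FORGED"):
        print(name, verdict(globals()[name]))
```

The spoofed message is blocked even though its SPF result is a pass, because that pass belongs to the sender's own envelope domain rather than the visible From address.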

The email community also appears to be under attack again, with many email service providers and vendors receiving phishing messages purporting to be transactional messages from Athleta. The links in the emails were actually executables that would have installed malware on the victim’s computer, which would then install a keylogger to capture user names and passwords. Rebecca Herson from Commtouch has a great writeup, including what the email looks like and what the malware is attempting to install. This is a must-read.

The Department of Homeland Security and the National Institute of Standards and Technology published a request for comments on a proposal that would allow ISPs to inform users on their network when they have been infected by malware, and even cut the user off from the internet. Comcast and Cox are both already doing this, and Australia has launched a similar initiative with its iCode project. Privacy advocates warn that allowing this could have adverse effects, and may result in ISPs going beyond malware detection and looking at, for example, surfing habits.

Have you seen an increase in emails containing malware, and how has your organization reacted to it? Leave your comments below!
