Malicious Spam on the Rise

Research carried out by two security companies has provided information that most people will have already recognised – in the last week there has been a significant increase in spam and specifically malicious messages such as emails carrying trojans (phishing messages).

From SC Magazine:

M86 Security noted a huge surge of malicious spam that it said far exceeds anything it has seen over the past two years. Its research found that last week, malicious spam made up at least 13 per cent of the total spam volume, which it said was unusual, however that figure spiked to 24 per cent yesterday.

Malicious spam, in this context, appears to be taking the form of email messages with fake shipping confirmations in Zip archives. Inside the archives are “trojan” applications which download additional malicious software – including fake anti-virus software – which will try  to create an open link from inside your network.

This sort of phishing attack should be fairly common to any business with an internet connection and with good security procedures, including effective staff training, you should be reasonably secure. However, this would be an excellent opportunity to remind your staff about the risks and let them know what to do with suspicious emails & attachments.

If you, or your company, runs a website that allows comments you will probably have seen a significant spike in spam messages this week. This blog has had more than 15 times as many spam comments this week as our previous averages although almost all of these have been caught before they were posted.

This is a good reason to make sure that any website you are responsible for, which allows and encourages user interaction (comments), has something to capture spam comments. There are several options you can take – Akismet, moderating all messages, CAPTCHAs – and we would normally suggest you have a combination. Where your reputation is on display, it is important that you make sure you have suitable control over what is allowed through.

Halkyn Security

Halkyn Security Consultants.