Dianna Dilworth
May 03, 2007

Spammers exploiting social engineering to spread malware: Commtouch

Spammers are increasingly using social-engineering techniques to lure e-mail recipients to open e-mail infected with malware, according to a new study by e-mail security company Commtouch.

The study, "Q1 2007: Malware Outbreak Trends," describes how malware writers use speed, variation and social-engineering techniques to mass distribute malicious software over the Internet. They have adopted the methods on a large scale in hopes of getting e-mailers to open infected messages and attachments.

"Users have had it drilled into them that they should not open attachments they are not expecting or from people they do not know, but sometimes the temptation is just too great," said Rebecca Steinberg Herson, senior director of marketing at Commtouch, Sunnyvale, CA. "Lots of people want to see an interesting video clip or open a greeting card, so if the subject line makes sense to them and the sender's name sounds familiar enough, users are clicking on the attachment and getting infected."

The Commtouch report said the Storm/Nuwar e-mail-virus outbreak in mid-January used tabloid-like headlines - including "230 dead as storm batters Europe," "First nuclear act of terrorism!" and "a bouquet of love" - in their e-mail subject lines to persuade readers to click.

In February, the Tibs/Zhelatin e-mail-borne malware was disguised as a Valentine's Day greeting. It combined a subject-line holiday greeting - such as "5 reasons I love you" and "A song to you" - with file the names "flashpostcard.exe" and "greetingcard.exe."

In addition, the Nurech malware tried to fool e-mail recipients by adding recognizable file signatures such as ".doc," ".jpg" and ".pdf" before the ".exe" extension.

"The distribution speed of malware has increased significantly over the past year or so, since it is being sent out via zombies - computers that have been taken over by a bot and used to send out spam and malware - without the user's knowledge," Ms. Steinberg Herson said.

"Because the distributors have virtually unlimited sending power from PCs all over the world," she said, "they can afford to send vast amounts of malicious e-mail simultaneously from multiple locations."

Similar Articles

Follow us on Twitter @dmnews

Latest Jobs:

Featured Listings

StrongMail

StrongMail

We're StrongMail. We cater to enterprises looking for more than just a ...

Bronto Software

Bronto Software

Bronto Software provides the leading marketing platform for retailers and other commerce-focused companies ...

Knotice

Knotice

Knotice allows you to seamlessly manage your multi-channel mix, maximizing the ROI of ...

more »

More in Email Marketing

Relevancy Becomes More Relevant to Emailers

Relevancy Becomes More Relevant to Emailers

Email marketers appear on the cusp of embracing new technology, according to a new survey.

A Fresh Email Strategy for Fresh Water

A Fresh Email Strategy for Fresh Water

How charity: water met its $1.7m fundraising goal in a single month with a more mature email strategy.

The Future of Email Marketing

The Future of Email Marketing

6 trends marketers should watch to ensure long-term success with their email marketing.