The danger behind low-volume email attacks
Posted on 08.10.2012
"Broad [email spam] campaigns often spoof notifications from well-known businesses, establishments, organizations, and agencies, and are very widespread these days. However, smaller volume campaigns sometimes can be as (or even more) dangerous by bypassing the victim's defenses," Websense researchers warned on Friday.


The malicious payloads these emails carry are often not initially detected by AV solutions. Because the volumes of these campaigns are small and the contents of the emails are so similar to those of typical business emails (quotations, payments, orders, supply, etc.), network behavior detection, reputation evaluation and antispam rules often fail to recognize the emails as malicious spam.


The malicious attachments are more often than not Zeus variants, and they usually take the form of archive files (ZIP, RAR, etc.), and most often pose as scans of a document.

It's hard to say what users can do to keep safe from these attacks. The emails are unsolicited but that is not at all unusual when someone wants to do business with a company.

The emails purportedly come from individuals from all over the world, so grammatical and language errors are not as suspect as if they were found in a formal / template email from a well-known company or service.

Checking the attached file with VirusTotal or their own AV solution can provide a false sense of security, as at the beginning the files are not detected as carrying malware.

It seems that, in cases such as these, other, more complex solutions are required to keep safe - solutions that analyze and discover suspicious patterns in the content body, message attributes, embedded links, and more.
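One simple message-attribute check of the kind described above, as an added example that is not from the article or from Websense: it opens ZIP attachments and reports members that are executables named like business documents. The extension list, lure words, sample addresses and file names are assumptions constructed for illustration, and RAR archives are not handled.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed heuristics for illustration; tune them to your own mail flow.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
LURE_WORDS = ("scan", "invoice", "quotation", "payment", "order")

def archive_findings(filename, data):
    """Return reasons a ZIP attachment looks like a disguised executable."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                lower = name.lower()
                if os.path.splitext(lower)[1] in EXECUTABLE_EXTS:
                    findings.append(f"{filename}: executable member {name}")
                    if any(word in lower for word in LURE_WORDS):
                        findings.append(f"{filename}: {name} is named like a business document")
    except zipfile.BadZipFile:
        # A damaged or mislabelled archive cannot be cleared automatically.
        findings.append(f"{filename}: not a readable ZIP, send for manual review")
    return findings

def inspect_message(raw):
    """Parse a raw RFC 5322 message and inspect every .zip attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if name.lower().endswith(".zip"):
            findings.extend(archive_findings(name, part.get_payload(decode=True)))
    return findings

def build_sample(member_name):
    """Constructed sample: a ZIP attachment holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "sales@supplier.example"
    msg["To"] = "accounts@company.example"
    msg["Subject"] = "Quotation request"
    msg.set_content("Please see the attached scan of our order.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="scan_document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in inspect_message(build_sample("scan_0012.pdf.exe")):
        print(finding)
```

Because the check looks at what the archive contains rather than at AV signatures, it does not depend on the payload already being detected.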

Copyright 1998-2014 by Help Net Security.