The danger behind low-volume email attacks
Posted on 08.10.2012
"Broad [email spam] campaigns often spoof notifications from well-known businesses, establishments, organizations, and agencies, and are very widespread these days. However, smaller volume campaigns sometimes can be as (or even more) dangerous by bypassing the victim's defenses," Websense researchers warned on Friday.

The malicious payloads these emails carry are often not initially detected by AV solutions. Because the volumes of these campaigns are small and the contents of the emails are so similar to those of typical business emails (quotations, payments, orders, supply, etc.), network behavior detection, reputation evaluation and antispam rules often fail to recognize the emails as malicious spam.

The malicious attachments are more often than not Zeus variants, and they usually take the form of archive files (ZIP, RAR, etc.), and most often pose as scans of a document.

It's hard to say what users can do to keep safe from these attacks. The emails are unsolicited but that is not at all unusual when someone wants to do business with a company.

The emails purportedly come from individuals from all over the world, so grammatical and language errors are not as suspect as they would be in a formal / template email from a well-known company or service.

Checking the attached file with VirusTotal or their own AV solution can provide a false sense of security, because at the beginning the files are not detected as carrying malware.

It seems that, in cases such as these, other, more complex solutions are required to keep safe - solutions that analyze and discover suspicious patterns in the content body, message attributes, embedded links, and more.
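As an added illustration (not code from Websense or from this article), the sketch below inspects message attributes rather than relying on a signature verdict: it flags ZIP attachments named like business documents and archives that contain an executable. The keyword list, the extension list and the sample message are assumptions constructed for the example, and only ZIP is handled because the Python standard library cannot read RAR.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for this example; tune them to your own mail flow.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")
LURE_WORDS = ("scan", "quotation", "payment", "order", "invoice")


def build_sample(archive_name="scan_0012.zip", member="scan_0012.pdf.exe"):
    """Constructed sample: a business-style email with one ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member, b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "sales@example.test"
    msg["To"] = "office@example.test"
    msg["Subject"] = "Quotation request"
    msg.set_content("Please find the scan of our order attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=archive_name)
    return msg.as_bytes()


def score_message(raw):
    """Return findings based on attachment attributes, not on an AV verdict."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_content()
        # Trust the content, not the declared type or the file extension.
        if not isinstance(data, bytes) or not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        if any(word in name for word in LURE_WORDS):
            findings.append(f"archive named like a document: {name}")
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                if member.lower().endswith(EXECUTABLE_EXT):
                    findings.append(f"executable inside archive: {member}")
    return findings


if __name__ == "__main__":
    for finding in score_message(build_sample()):
        print(finding)
```

A finding here is a reason to quarantine or detonate the attachment in a sandbox, not proof of malware; legitimate senders do occasionally mail zipped installers.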

