Beware of a wave of “ghost mail”
PandaLabs has detected numerous cases around the world of users receiving emails with their own address in the sender and recipient fields. The subject and text (in HTML) of these messages are made up of apparently random numbers.
These emails are not actually sent from the user’s address, but use an address spoofing technique to disguise the origin of the message.
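A mail-filter heuristic for the pattern described above, as an added example that is not PandaLabs code: it flags a message whose From and To headers carry the same single address and whose subject and body consist only of numbers. The sample messages, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

# Constructed sample messages for illustration (not real captures).
GHOST = """From: alice@example.com
To: alice@example.com
Subject: 48213 90517 3365
Content-Type: text/html; charset="utf-8"

<html><body><p>7719 20385 664120</p></body></html>
"""
NOTE_TO_SELF = """From: Alice <alice@example.com>
To: alice@example.com
Subject: shopping list

milk 2, eggs 12
"""
OTHER_SENDER = """From: bob@example.net
To: alice@example.com
Subject: 5550 1234

9981 22
"""

def _addresses(msg, header):
    """Lower-cased set of addresses found in one header."""
    values = [str(v) for v in msg.get_all(header, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def _digits_only(text):
    """True if, after dropping HTML tags, every token is a number."""
    tokens = re.sub(r"<[^>]+>", " ", text).split()
    return bool(tokens) and all(t.isdigit() for t in tokens)

def is_ghost_mail(raw):
    """Flag a self-addressed message whose subject and body are only digits."""
    msg = message_from_string(raw, policy=policy.default)
    sender = _addresses(msg, "From")
    self_addressed = len(sender) == 1 and sender == _addresses(msg, "To")
    body = msg.get_body(preferencelist=("html", "plain"))
    body_text = body.get_content() if body is not None else ""
    subject = str(msg["Subject"] or "")
    return self_addressed and _digits_only(subject) and _digits_only(body_text)

if __name__ == "__main__":
    for name, raw in [("ghost", GHOST), ("note", NOTE_TO_SELF), ("other", OTHER_SENDER)]:
        print(name, is_ghost_mail(raw))
```

A match is best treated as a signal for scoring or quarantine rather than deletion, since the check looks only at the visible From and To headers.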
At least users can rest assured that these messages do not contain malware. What is worrying, however, is that receiving one of these messages possibly implies that the email address is part of a database used for malicious purposes by cyber-crooks. Such purposes could range from the sending of spam to phishing attacks or the distribution of known or unknown malware.
According to Luis Corrons, director of PandaLabs, “The most likely scenario is that a group of hackers are checking the validity of email address databases. By sending these messages they can determine if the addresses are active or not and remove those that are no use. On the other hand, what most surprises users is that the message comes from their own address. This is not a mystery in itself as those responsible are trying to evade mail filter systems that users may have installed, as nobody filters out their own email address.”
Since it is impossible to determine what type of attack could occur, those who receive these messages are advised to have security solutions that integrate a range of technologies (anti-spam, anti-phishing, antivirus, anti-spyware, etc.) in order to combat all types of malware. Similarly, because in the current malware dynamic financially motivated attackers try to drop their creations on computers surreptitiously instead of causing massive epidemics, it is important that a security solution include proactive technologies that can detect malware without the need to have identified it previously.
“We don’t know when the attack will take place or what type of attack it will be. What is certain is that someone has gone to too much trouble to just leave it at that, and so in this case it is best to take preventive action. Of course, those who have received a message like this should be on their guard as it is a symptom that their email address is in the wrong hands,” explains Luis Corrons.