Malware peddlers turn again to malicious links

In the continuous see-sawing that spammers and malware peddlers perform between sending out emails with malicious links and those with malicious attachments, the former method is again on the rise.

In October, the percentage of spam emails containing malicious links was 7 percent. In November, that number rose to 41 percent and has continued to climb in early December.

“While many malicious emails come with an attachment, organizations can block and filter these types of messages. Symantec believes that the Cutwail botnet (Trojan.Pandex) is behind some of the recent spam messages, along with other botnets, and that attackers have resorted to using links in a bid to avoid email security products that scan for malicious attachments,” noted Symantec senior threat analysis engineer Jo Hurcombe.

Lately, these emails mostly took the form of fake fax message, voicemail and, in Germany, mobile phone bill notifications.

Urged by the message, the victims would followed the offered link to hijacked domains and a PHP landing page where they would be prompted to download the fake document. Unfortunately for them, the file is actually a Trojan downloader, which is then used by the criminals to infect the victims with additional malware.

“This recent shift away from malicious attachments towards malicious links is a reminder that security is a game of cat and mouse,” Hurcombe explained. “Spammers try to gain the upper hand while mail security products implement detections against these shifts.”

As always, users area advise to ignore unsolicited, unexpected, or suspicious emails and not to click on links or download attachments included in them.