Spam Attacks on the Rise in Q3

Identity thieves and hackers appear to be coming at Windows users from all fronts, most commonly with spam. They were particularly active during the third quarter of 2008, when they did it eight times more frequently than in the previous quarter, according to a report released Monday by Sophos.

The study found that one out of every 416 e-mails in Q3 contained bogus or malicious attachments. This is up significantly from the period between March and June, which tallied just one such e-mail for every 3,333.

"For Apple Mac and Unix lovers, these major spam attacks just mean a clogged-up inbox, not an infected operating system. But organized criminals are causing havoc for Windows users in the hunt for cold, hard cash," said Graham Cluley, senior technology consultant at Sophos, in an e-mail to

It's hard to get a clear read on the number of successful attacks because enterprises don't want to tip their hand and embarrassed users aren't exactly chomping at the bit to report these occurrences. But the Sophos report can't simply be dismissed as an aberration or a marketing tool for anti-virus software; a separate report, also released Monday, appears to confirm the pattern of spam growth.

Enterprise gateway security firm Secure Computing Corp.'s Q3 2008 Internet Threats Report found that spam volumes returned to record highs in the quarter with "fairly steady monthly increases throughout the summer." Over 5,000 new zombies were created every hour, according to Secure Computing's report. Among the most common attacks were the Agent-HNY Trojan, which was responsible for more than 25 percent of all e-mail attachment malware in the quarter.

The EncPk-CZ Trojan is another example of the type of spam that seeps into inboxes (one such malicious virus came disguised as a Microsoft security patch). The Sophos report stated that EncPK strains accounted for 12 percent of all the disclosed e-mail-borne bugs over the past three months.

As for Secure Computing's study, the company said the increase in the spam it tracked was due to malicious e-mails with the subject line "Your bank has failed," "Breaking News," "Delivery Status Notification" or "Election scoop" -- with the latter invariably mentioning the name "Obama." It turns out that 80 percent of election-related spam currently bears the Democratic presidential nominee's name. Secure Computing's TrustedSource Labs estimates the number of worldwide U.S. election-related spam e-mails at approximately 100 million messages per day.

Meanwhile, Sophos' Cluley said that hackers count on end users to "click without thinking, thus exposing themselves to hackers hell-bent on gaining access to confidential information and raiding bank accounts."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • RAMBleed Side-Channel Attack Method Disclosed by Researchers

    Academic researchers this week published information about another side-channel attack method, called "RAMBleed," that can expose information from memory chips, including encryption key information.

  • Penguin

    Windows 10 Preview Build 18917 Shows Off New Linux Integration

    Microsoft's latest Windows 10 "fast-ring" preview release is showcasing a coming Delivery Optimization enhancement, along with the ability to try the newly emerged Windows Subsystem for Linux version 2.

  • Customizing Microsoft Office 365

    While the overall look and feel of Office 365 is pretty standard across organizations, there are several ways to personalize it and make it fit better with your company's specific needs.

  • Microsoft 365 Business Tenants Getting Conditional Access and Trouble-Ticket Features

    Microsoft added its conditional access security service to Microsoft 365 Business subscriptions, according to a Wednesday announcement, and it also added new trouble-ticket features for Microsoft 365 administrators.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.