
Malware infected spam attacks spike

by Jago Maniscalchi  //  August 17, 2011  //  Exploits and Malware  //  No comments

Researchers at security lab M86 yesterday reported a massive spike in the volume of malware attachments being spotted by their network.

The increase represents six times more traffic than the spike that they reported in April 2011, and is more than double the traffic seen before the SpamIt takedown in October 2010. Researcher Rodel Mendrez reported that this isn’t a result of an overall increase in all types of spam, but is a sharp increase in the proportion of malicious spam:

Last week malicious spam made up at least 13% of the total spam volume we received which is unusual. Yesterday that number spiked to 24%.

More than one malicious spam botnet has increased production this week. M86 have spotted increased activity from Cutwail, Asprox and Festi.

Four of the campaigns, which we identified as originating from the Cutwail botnet are mostly recycled spam themes – Fedex, credit card, changelogs and invoices. The malware is attached within a compressed ZIP archive and is a Trojan that downloads additional malware including Fake AV, SpyEye and the Cutwail spambot itself.

Meanwhile, Asprox is continuing to send out malicious hotel transaction spam. The attached malware in this spam campaign installs a password stealer and Fake AV.

The Festi botnet has also joined the fray and is sending a malicious “UPS” campaign that distributes the Chepvil Trojan, a downloader that is also installing Fake AV.

Read more over at M86 Security Labs.

About the Author

Jago Maniscalchi is a Cyber security consultant, though he tries to avoid the word "Cyber" at all costs. He has spent 15 years working with Information Systems and has experience in website hosting, software engineering, infrastructure management, data analysis and security assessment. Jago lives in London with his family, enough pets to start a small zoological society, and a Samsung NaviBot Robotic Vacuum Cleaner. Despite an aptitude for learning computer languages, his repeated attempts to learn Italian have resulted in spectacular failure.
