Malspam

Short bio

Spam is the general term for unsolicited email. Malware spam, or MalSpam, is the term for malware that is delivered via email messages.

History

Although the first instance of a piece of malware being delivered by spam is unknown, the 1999 Melissa mass-mailing virus is recognized to be the first malware widely distributed by email. Melissa would scan email contact lists and proceed to send a copy of itself to the first 50 contacts within the list. While Melissa did not destroy files or other resources, the virus had the potential to disable corporate and other mail servers by consuming resources while seeking out additional contacts and mailing copies of the virus to others.

Copy-cat viruses using email as the method of dissemination emerged soon after. With each virus at the time competing for infection rates and CNN headlines, email quickly proved to be a viable method to deliver malicious attachments to unsuspecting users. The ILOVEYOU mass-mailing worm that came out in 2000 infected tens of millions of computers worldwide and caused billions of dollars in damage.

From that point forward, email has been a primary vector for the delivery of malware, and unfortunately there are few signs that the trend is slowing. Email has proven to be a highly valuable and highly successful vector for installing malware on the systems of unsuspecting users.

Methods of attack for MalSpam run the gamut. Everything from blanket MalSpam campaigns covering millions of addresses purchased from email address providers to highly sophisticated targeted campaigns covering one or two people is extremely common.

Research from the firm Radicati indicates that roughly 205 billion emails are sent each day. And according to ITU, roughly 80% of all email messages are spam. While it’s hard to identify an exact number of emails delivering MalSpam, it’s clear that malware authors continue to see enough successful installations of their malicious programs to warrant the continuation of such endeavors.

Common infection method

MalSpam by definition is malware delivered via email, and as such, this will always be the infection vector for malware with this classification.

Associated families

Many families and types of malware have been delivered by email. There is no limit or restriction to the types of malware which can be sent via email. This includes:

  • Ransomware
  • Trojans/Bots
  • Info Stealers
  • Spyware/Click-Hijackers

Remediation

Remediation depends on the type of malicious software that was received. Users are advised to check within the particular MalwareNet profile that best fits the malware received for additional information.

Aftermath

The aftermath of an infection originating from MalSpam depends on the type of malware received. Users are advised to check within the particular MalwareNet profile that best fits the malware in question for additional information.

Avoidance

Never download or view attachments from unknown senders. Always treat attachments from known senders as possibly suspicious unless the information has been directly solicited. Never execute executable files. Even if the document advises otherwise, don't enable macros within Office products. If in doubt, contact the sender prior to opening the attachment to inquire further. Scan attachments with a reputable anti-malware product such as Malwarebytes Anti-Malware, or scan the file against a collection of products at www.virustotal.com.
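As an added illustration of the advice above (not part of the original profile), this Python example inspects a message's attachments by content as well as by name, flagging Windows executables and Office documents that carry a VBA macro project. The extension lists, function names and sample message are assumptions constructed for the example; legacy binary Office formats are not inspected.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".jar"}  # assumed, non-exhaustive
MACRO_EXTS = {".docm", ".xlsm", ".pptm"}  # assumed, non-exhaustive

def classify(filename, data):
    """Return the reasons an attachment should not be opened without checking."""
    reasons = []
    ext = os.path.splitext((filename or "").lower())[1]
    if ext in EXEC_EXTS:
        reasons.append("executable extension")
    if data[:2] == b"MZ":  # Windows PE header, whatever the file name claims
        reasons.append("Windows executable content")
    if ext in MACRO_EXTS:
        reasons.append("macro-enabled Office extension")
    if data[:4] == b"PK\x03\x04":  # modern Office documents are ZIP containers
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    reasons.append("contains VBA macro project")
        except zipfile.BadZipFile:
            reasons.append("malformed ZIP container")
    return reasons

def triage(raw_message):
    """Map each flagged attachment name to its list of reasons."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        reasons = classify(part.get_filename(), part.get_payload(decode=True) or b"")
        if reasons:
            report[part.get_filename()] = reasons
    return report

def build_sample():
    """Constructed message; every attachment holds harmless placeholder bytes."""
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"placeholder")
    for name, data in [("invoice.docx", buf.getvalue()), ("photo.jpg", b"MZ" + bytes(16)), ("notes.txt", b"hello")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage(build_sample())` flags `invoice.docx` and `photo.jpg` even though neither name looks dangerous, which is why the content checks sit alongside the extension checks.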
