Malware Delivery Techniques Focus on HTML Attachments

Use of malicious HTML email attachments increased significantly in the third quarter according to Internet security technology vendor CommTouch.  In its Q3 2010 Internet Threats Trend Report (PDF), CommTouch examined the methodology within blended attacks, such as the "Here You Have" worm, which spread widely in September using Outlook contact lists from infected PCs. Both "Here You Have" and numerous fake LinkedIn invitations relied on a combination of social engineering and masked hyperlinks to lead users to websites with malware scripts. 

"The increased use of HTML attachments shows how prominent the multi-stage attack vector has become," said Asaf Greiner, Commtouch vice president, products. "The blended nature of malicious activity further highlights the need for an integrated security offering that can block spam and malware emails, prevent users from visiting malicious Web sites and delete malware files and scripts."  

Other highlights from the Q3 Trend Report include:

  • Spam levels averaged 88% of all email traffic throughout the quarter, peaking at over 95% in mid-September with 198 billion spam/phishing messages per day. By comparison, Q2 spam levels averaged 80% of all email, with 179 billion spam/phishing messages per day.
  • Approximately 339,000 zombies were activated daily, almost 30,000 more per day than in the previous quarter.
  • The most popular spam topic this quarter was pharmacy (59% of all spam).
  • For the third quarter running, pornography/sexually explicit material is the website category most likely to include malware.
  • India keeps its title for the second quarter in a row as the country with the most zombies - 14% of all zombies worldwide.
  • Streaming media/downloads continues to be the most popular topic for blog creators in the Web 2.0 sphere of user-generated content.