Please wait while we infect your computer – more malicious HTML attachments

August 30th, 2010 by Avi Turiel | Category: Email Security

Commtouch labs have detected large volumes of emails with malicious HTML attachments.  The emails purport to come from a range of legitimate sites including:

Bell Canada
Craigslist
NewEgg

So let’s say you read our previous blog about the rise of the malicious HTML attachments.  You open the attached HTML file in a text reader to find the malicious links [...]

Email-malware senders guide – Chapter 1

July 26th, 2010 by Avi Turiel | Category: Email Security, malware

Last week we saw an interesting series of emails which seemed to indicate a mid-outbreak change of tactic.  The initial series of emails all had banking and account related themes.  The emails indicated that it was necessary to open an attached document file.  The attachments were actually zipped executable Trojan downloaders.

A VirusTotal (www.virustotal.com) scan showed [...]

Widespread fake Amazon orders lead to PDF malware

July 22nd, 2010 by Avi Turiel | Category: Email Security, Web Security

Well-crafted emails mimicking Amazon order confirmations have been detected in large quantities in the past week.  The Amazon logo and “your account” button actually take image files from the Amazon website.  The email includes twelve links designed to motivate recipients to click:

More information about an Amazon Visa card
The ordered items are not shown and are [...]

HTML attachments – now with malware!

July 21st, 2010 by Avi Turiel | Category: Email Security, malware

In the last few weeks we have detected increasing usage of HTML attachments in a variety of message types – all of them attempting to install malware.  These sorts of attachments are generally not blocked by message scanning systems.  In addition they may arouse less suspicion in users than zipped attachments.
In the examples below, the [...]

Reset your Twitter password – Malware

June 15th, 2010 by Avi Turiel | Category: Email Security, malware

Commtouch labs have received scores of emails targeting Twitter users.  The emails have been neatly constructed to include the email address within the email – making them look more genuine.
Recipients are asked to open an attached HTML file to view their new password.  The website that loads contains a browser exploit.  Not very friendly…

How can they misuse thee Google – Let us count the ways.. (Part 1)

May 4th, 2010 by Avi Turiel | Category: Data & Research, malware

Being the number one name on the Web and also offering so many useful services naturally attracts misuse by the shadier side of the Internet.  We’ve written in the past about the abuse of Google Docs and Spreadsheets.  And in our Q1 trend report we discussed the high percentage of spam emails with forged sender [...]

Spammers have given up!

March 3rd, 2010 by Avi Turiel | Category: Email Security, Spam Favorites

No, not really – but a recent outbreak seems to use no technique at all to get recipients to click on a link to a malware-hosting site.  The emails (samples below) have no subject (other than RE: or FW:), no text telling you why you should click on the link, no hidden URLs behind on-screen [...]

Webcast Provides Insight Into Web Security Threats in 2010

December 15th, 2009 by Eyal Orgil | Category: Commtouch Partners, Web Security

Commtouch Security Alliance partners Sunbelt Software, RSA, the Security Division of EMC, and Commtouch held an informative webcast this past Thursday discussing the latest in web security threats. The webcast, entitled “Stormy Web Ahead: A Forecast of Web Security Threats in 2010,” provided essential information needed to understand the web security threats that organizations and [...]

Rise in Number of New Email-borne Viruses Not Caught by Major AV Engines

June 30th, 2009 by Shara Grifenhagen | Category: Data & Research

From late May through June, Commtouch Labs noted a sharp rise in the number of new viruses being circulated via email that were not caught by the major anti-virus engines. A new Malware Report released by the company details several outbreaks whose wide distribution caused malware numbers to temporarily and exponentially increase from the rather [...]

A few Words about the Commtouch Milter

What is a Milter?
Sendmail and Postfix are the most popular open-source mail transfer agents (MTAs); Sendmail has both free and commercial editions.
Due to the emergence of threats and unwanted content such as viruses and spam, a need arose to filter those messages closer to the perimeter, before they reach the end-user mailbox; however, since both [...]