The emails pose as bills from AT&T Wireless that have monthly balances around $1,000, an amount the cybercriminals are hoping will prompt a response from the recipient.
“If people are AT&T Wireless customers, they would be pretty outraged…. We can imagine that a lot of people click” on the malicious links, Avi Turiel, director of product marketing with Commtouch, told Infosecurity.
Every link in the email leads to a compromised website with an innocuous-sounding name, such as Angelica’s Bakery, that hosts hidden malware, Turiel explained in a blog.
Turiel told Infosecurity that the criminals behind the spam emails have taken authentic AT&T Wireless emails and copied them. “They look very authentic, but when you mouse over the links…every one of those leads to compromised websites.”
These websites contain malware that looks for vulnerabilities in Adobe Reader and Flash Player. Once the vulnerability is exploited, the malware establishes a presence on the machine and then downloads additional malicious software, he added.
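The mouse-over check Turiel describes can be automated at a mail gateway or in triage. The sketch below is an added example, not code from Commtouch or the report: it lists every link in an HTML body whose real destination is outside the domain the sender claims to represent. The expected domain (`att.com`), the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the impersonated sender legitimately links to.
EXPECTED_DOMAINS = {"att.com"}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_expected_domain(host):
    # Exact match or true subdomain only, so "att.com.blog.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def audit_links(html):
    """Return (off_domain_links, total_links) for an HTML message body."""
    parser = LinkCollector()
    parser.feed(html)
    # Links with no hostname (relative, mailto:) are also reported.
    off = [(href, text) for href, text in parser.links
           if not on_expected_domain(urlsplit(href).hostname)]
    return off, len(parser.links)

# Constructed sample body; hosts use the reserved .example TLD.
SAMPLE = """
<p>Your AT&amp;T wireless bill is ready. Total due: $1,000.00</p>
<a href="http://bakery.example/wp/index.html">att.com/mybill</a>
<a href="http://shop.example/x/index.html">Pay now</a>
<a href="http://att.com.blog.example/a.html">Contact us</a>
"""
```

A message that claims to be a bill from one brand while every one of its links resolves elsewhere, as in the constructed sample, is the pattern described above.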
While this clever spam is making the rounds, the overall level of spam is down this quarter, according to Commtouch’s quarterly threat report. In the first quarter of 2012, an average of 94 billion spam emails were sent per day, compared to an average of 150 billion spam emails in the first quarter of 2011. The report is based on an analysis of the 10 billion transactions handled every day by Commtouch’s GlobalView Cloud product.
Spam levels went down around 30% after the takedown of the Rustock botnet, and have stayed down since then, noted Turiel. “There does seem to have been a long-term effect, and it looks like we are looking at a significant change” in spam volumes.
The report also found that pornographic websites were the most likely to contain malware, while pharmaceuticals and replicas were the most popular spam topics in the first quarter.
India retained its title as the country with the most zombies – 19.2% of all zombies worldwide. Around 270,000 zombies were activated daily to serve their botnet masters, the report found.