Criminal Gang Debuts Email Threat

MessageLabs announced the findings of its MessageLabs Intelligence Report for April 2007

NEW YORK -- MessageLabs, a leading provider of integrated messaging and web security services to businesses worldwide, today announced the findings of its MessageLabs Intelligence Report for April 2007. In this report, MessageLabs exposes a new level in the convergence between spam and viruses through intercepted cyber-criminal activity, whilst highlighting the increase in spam levels and the emergence of new techniques which have led to decreased rates in traditional virus and phishing threats.

In what could be one of the most defining moments within the threat landscape, MessageLabs has intercepted emails that are both spam and contain a virus. While cyber-criminals have long used email viruses to create botnets to send spam, this is the first time MessageLabs has seen viruses hidden within stock scam spam. Since April 14, MessageLabs has stopped thousands of these emails as part of the latest phase in Storm Worm activity.

Late this month, the latest strains of Zhelatin, also known as Storm Worm, were being spammed out in stock pump-and-dump emails which also contained links to new malware hosted on websites under the control of the attackers. Purporting to be a screensaver, the malware then drops the Zhelatin MeSpam engine onto the compromised computer. Until now, new versions of Zhelatin have been distributed via botnets to create larger botnets for the purposes of spamming.

“Why use two emails when just one will do? Now we are seeing the bad guys layer on the threats – as if it’s not enough to just scam someone and fill their inbox with junk email, why not also infect and take control of their computer at the same time? These latest techniques are part of a new boldness being shown by certain criminal gangs we are tracking,” said Mark Sunner, Chief Security Analyst, MessageLabs. “These latest developments also serve to highlight that spam cannot be perceived as just a nuisance and it should be kept away from the desktop. Protection at the Internet level avoids any errors by end-users which could have a detrimental impact on a business.”

MessageLabs Ltd.