Over the past week or so, I have seen a flurry of malware activity that has been escalated to me. Of course, the most famous of these is the “Here you have” spam campaign, which contained a short message with a purported link to a .pdf that was instead a link to a .scr. This spam/malware campaign, though brief, caused a lot of problems in the world of email. At one point, for a brief period of time, it was responsible for 14% of all spam.

Yesterday, we had another problem with malware. This particular problem was a piece of malware that contained some JavaScript and was a zero-day virus. However, the contents of the email text made the message look rather benign. In fact, it looked like a legitimate business message with an HTML attachment. Here is the body text of the spam message (name of the actual bank munged and replaced):

Today I was served a summons from BizyBank with regards to the 20th avenue foreclosure.  Attached is a copy of the summons in its entirety and the first page of the borrower final closing statement at the time the borrower received $100K from TZLK Enterprises.

At the time of applying for the loan, I remember the borrower mentioned about paying off my loan in a short period of time because they were also getting financing from somewhere else. I believe when BizyBank’s loan was closed (without our knowledge) the title company that handled their financing should have paid us off so BizyBank would be in the first position.

In this case, the title company / closing agent for BizyBank made a mistake. I believe that BizyBank is also insured by their closing agent, but at this time I don't know who this agent is.

BizyBank is summoning the wrong party.

You can see by looking at the text of this message that it doesn’t look like spam. It looks like a legitimate piece of communication. We had spam rules that caught this before the A/V vendors did, but again, it appeared to cause a lot of havoc with some of our customers. And now, today, the above malware campaign has morphed yet again and we are seeing a few more escalations around it (or at least I was notified of one).
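Both lures described above share a mechanical tell: a link whose visible text promises a document (.pdf) while the real target is an executable (.scr), or an HTML attachment that carries script. As an added example (not the post’s own rule set), here is a small Python content check that flags those two conditions; the extension lists and the sample messages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lists: extensions Windows will execute, and the document
# types a lure typically pretends to be.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def _ext(name):
    """Return the lower-cased trailing extension of a filename/URL path, or ''."""
    m = re.search(r"(\.[a-z0-9]{1,5})$", name.strip().lower())
    return m.group(1) if m else ""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs and count <script> blocks."""
    def __init__(self):
        super().__init__()
        self.links, self.script_tags = [], 0
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
        elif tag == "script":
            self.script_tags += 1

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None


def scan_html(html):
    """Return a list of human-readable findings for an HTML body or attachment."""
    p = _LinkCollector()
    p.feed(html)
    findings = []
    for href, text in p.links:
        shown, real = _ext(text), _ext(urlparse(href).path)
        if real in EXECUTABLE_EXTS and shown in DOCUMENT_EXTS:
            findings.append(f"link shows {shown} but fetches {real}: {href}")
        elif real in EXECUTABLE_EXTS:
            findings.append(f"link fetches executable {real}: {href}")
    if p.script_tags:
        findings.append(f"html attachment contains {p.script_tags} <script> block(s)")
    return findings


# Constructed samples modelled on the two lures in the post.
LURE_LINK = '<p>Attached is the summons: <a href="http://example.invalid/files/summons.scr">summons.pdf</a></p>'
LURE_ATTACHMENT = '<html><body><p>Summons from BizyBank</p><script>var x=1;</script></body></html>'
BENIGN = '<p>Minutes attached: <a href="http://example.invalid/minutes.pdf">minutes.pdf</a></p>'
```

Run against a decoded HTML body or attachment; an empty list means neither tell was present, which is a reason to look further, not a clean bill.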

What is interesting to me is that for most of my time in anti-spam, I have remained somewhat insulated from malware, and most of my familiarity with it comes from doing academic research. I hadn’t had a lot of escalations surrounding it. That is not to say that we never had them; they just weren’t escalated to me the way they have been in the past two weeks. At this point, I am unclear whether malware problems have always been like this (appearing frequently) or whether this is a new trend: malware outbreaks that hit hard and hit fast around the Internet and do a lot of damage in a short period of time. Obviously, that has always been malware’s goal, but my query is whether or not the outbreaks have become even more sinister (sent from a wider array of IPs and in higher volumes in a shorter period of time).