Proving that most malicious hackers are more than happy to employ time-tested tactics instead of developing sophisticated new techniques and tools, Symantec has reported a huge spike in generic polymorphic malware (malware whose code is re-encoded or mutated with each distribution run so that signature-based scanners no longer match it) spread via good old-fashioned socially engineered email messages.
Generic polymorphic malware variants accounted for 72 percent of all email-borne malware in September, compared with 18.5 percent in August and 23.7 percent in July. "This unprecedented high-water mark underlines the nature by which cyber criminals have escalated their assault on businesses in 2011, fully exploiting the weaknesses of more traditional security countermeasures," wrote Paul Wood, senior intelligence analyst at Symantec.
The challenge for cyber criminals is to dupe victims into downloading and opening dangerous attachments. One new approach entails fooling users into thinking they have received an attachment sent from an office printer with a scan-to-email capability; this feature lets users send scanned files directly from the printer to a specified email address.
To pull off this ruse, attackers send malicious emails whose Subject lines read "Scan from" followed by convincing-looking office-printer information. The message body contains additional fake details about the supposed scanned file, including a sender's name, the number of pages, the file type, a device number, and possibly the printer's location in the office.
All of this is intended to lull targets into a false sense of security so that they will open the attached file, which turns out to be a zip archive containing a malicious executable.
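The indicators above (a "Scan from" subject line, a zip attachment, an executable inside the archive) are enough to write a simple mail-gateway triage check. The following is an added example, not code from Symantec or from the original article: it builds a constructed message that mimics the lure, plus a constructed benign scan-to-email message with a PDF, and flags only the combination of a "Scan from" subject with a zip archive that contains an executable. The sender, printer names and file names are hypothetical.

```python
import email
import email.policy
import io
import re
import zipfile
from email.message import EmailMessage

# File extensions that Windows will run directly; a "scanned document"
# should never carry one of these inside its archive.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
SCAN_SUBJECT = re.compile(r"^\s*scan from\b", re.IGNORECASE)


def build_lure_message() -> bytes:
    """Constructed sample that mimics the fake scan-to-email lure (hypothetical names)."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        # Harmless placeholder bytes standing in for a malicious PE; double extension
        # is typical of the lure.
        zf.writestr("scan_0024.pdf.exe", b"MZ" + b"\x00" * 64)
    msg = EmailMessage()
    msg["From"] = "printer@example.internal"
    msg["To"] = "user@example.internal"
    msg["Subject"] = "Scan from a HP Officejet #3 (2nd floor)"
    msg.set_content(
        "Sent by: Reception\nPages: 3\nFile type: PDF\n"
        "Device: HP-OJ-4500-03\nLocation: 2nd floor copy room\n"
    )
    msg.add_attachment(archive.getvalue(), maintype="application", subtype="zip",
                       filename="scan_0024.zip")
    return msg.as_bytes()


def build_benign_message() -> bytes:
    """Constructed sample of what a real scan-to-email printer sends: a PDF, no zip."""
    msg = EmailMessage()
    msg["From"] = "printer@example.internal"
    msg["To"] = "user@example.internal"
    msg["Subject"] = "Scan from HP-OJ-4500-03"
    msg.set_content("Pages: 2\nFile type: PDF\n")
    msg.add_attachment(b"%PDF-1.4\n%fake placeholder content\n",
                       maintype="application", subtype="pdf", filename="scan_0025.pdf")
    return msg.as_bytes()


def triage_scan_lure(raw: bytes) -> dict:
    """Inspect one raw RFC 822 message and report the lure indicators it carries."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    subject = str(msg.get("Subject", ""))
    findings = {
        "subject_matches": bool(SCAN_SUBJECT.search(subject)),
        "zip_attachments": [],
        "executables_in_zip": [],
        "suspicious": False,
    }
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trust the magic bytes, not just the declared name or MIME type.
        is_zip = fname.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04")
        if not is_zip:
            continue
        findings["zip_attachments"].append(fname)
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for name in zf.namelist():
                    if name.lower().endswith(EXECUTABLE_SUFFIXES):
                        findings["executables_in_zip"].append(name)
        except zipfile.BadZipFile:
            # A zip that will not parse is itself worth a human look.
            findings["executables_in_zip"].append("<unreadable zip: %s>" % fname)
    # Only the combination is flagged: real printers do send "Scan from" mail,
    # but they send documents, not archives of executables.
    findings["suspicious"] = findings["subject_matches"] and bool(findings["executables_in_zip"])
    return findings


if __name__ == "__main__":
    print("lure:  ", triage_scan_lure(build_lure_message()))
    print("benign:", triage_scan_lure(build_benign_message()))
```

The check deliberately keys on the archive contents rather than the subject alone, so that genuine scan-to-email traffic is not blocked; in a real gateway the same function would run over each inbound message before delivery, and the `suspicious` result would feed a quarantine decision.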
"To be clear, office printers and scanners will not send malware-laden files, and many are unlikely to be able to send scanned documents as zip file attachments. No printer or scanner hardware was involved in the distribution process," wrote Bhaskar Krishnappa, malware analyst at Symantec.