Email malware levels skyrocket

Earlier this week we described a huge malware outbreak with increases of over 500%. The graph we presented showed a tapering off after the peak of the attack. The similar attacks in March and April also showed this trend – with a large initial outbreak followed by gradually decreasing spikes as the month went on. However, for the current attack, it seems the main outbreak was still looming when we wrote the previous post.

Following the peak on the 12th of August, levels did start decreasing before soaring to nearly 25 billion malware emails between Monday and Tuesday.

One trend from March that is repeating itself is the change from UPS to DHL-themed emails. 

Email text:

GOOD AFTERNOON!

DEAR CUSTOMER , RECIPIENT’S ADDRESS=IS WRONG

PLEASE PRINT OUT THE INVOICE COPY ATTACHED AND=COLLECT THE PACKAGE AT OUR DEPARTMENT

Best wishes , DHL=TEAM

Commtouch’s Command Antivirus detects the attachments as ZIP/Bredolab.A!Camelot. The malware starts its activity by downloading additional files from a randomly named .ru site followed by 2 GET requests from separate .org sites.