
HAURI Security Column

The dangers of E-mail spam

Date: 04/12/10

Written by Hyun Min Park - HAURI Virus Lab.

E-mail spam, also known as junk e-mail, is a subset of spam that involves nearly identical messages sent to numerous recipients by e-mail. (Refer to Wikipedia)

E-mail spam is typically used to generate revenue by exposing advertisements to many unspecified recipients. It is also used in DDoS attacks against a certain target server or specific network, and to induce users to install malicious code on their PCs.

It is already widely known that the malicious code that caused Distributed Denial of Service (DDoS) attacks was spread through E-mail spam and web sites. In the same way, attackers these days use E-mail spam as a tool for attacking users. The attackers also have a clear purpose, which is financial benefit, and users have been exposed to more risk.

1. There are many ways to spread malicious code, but recently cases in which SpamBots disguise their mail as coming from social network services have been reported.

i) According to statistics, 80-90% of global spam is distributed by SpamBots. A SpamBot collects E-mail addresses from Web bulletin boards and opens E-mail accounts on the Google or Yahoo webmail services in order to send spam to unspecified recipients. In doing so, the SpamBot sends E-mail spam not only for simple advertising purposes but also for malicious purposes such as stealing private information.


[PIC 1] E-mail spams by SpamBot(Rustock, Zbot)

ii) Malicious code that targets social network users is growing rapidly. It disguises itself as a social networking service by using the service's official mail format and images, and sends E-mail spam with subjects such as 'change the password settings' or 'account updates' to induce users to open the mail and to steal their private information.

If a user clicks the link in the E-mail spam to change the personal information settings, a phishing site disguised as a social network service page is shown, and once the user logs on, the personal ID and password are exposed.


[PIC 2] Phishing site that targets social network service

Therefore, whenever users log on, they must be careful and check that the site address is the same as that of the normal website. Also, normal service sites generally do not send E-mail to notify users of account setting changes, so when such an E-mail is received, it is safer for the user to enter the site address manually.
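
The address check described above can also be applied to the links inside an HTML mail before anyone clicks them. The following is an added example, not code from HAURI or the original column: it lists links whose real host is neither the expected service domain nor a subdomain of it. The domain `social.example`, the sample message and all function names are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample; social.example stands in for the real service's domain.
SAMPLE = """\
Subject: Change the password settings
Content-Type: text/html; charset=utf-8

<p><a href="http://social.example.login-update.test/reset">http://www.social.example/reset</a>
or see the <a href="https://www.social.example/help">help page</a>.</p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_host(href):
    try:
        return (urlsplit(href).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: treat as having no host
        return ""

def suspicious_links(raw_message, expected_domain):
    """Return (href, reason) for links whose host is not expected_domain
    or a true subdomain of it; a host that merely starts with it is flagged."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        parser = LinkCollector()
        charset = part.get_content_charset() or "utf-8"
        parser.feed(part.get_payload(decode=True).decode(charset, "replace"))
        for href, text in parser.links:
            host = link_host(href)
            if host and host != expected_domain and not host.endswith("." + expected_domain):
                shown = expected_domain in text.lower()
                findings.append((href, "text shows expected site" if shown else "off-site link"))
    return findings
```
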

iii) E-mail spam with disguised subjects such as social/global issues, Windows Update, the Internet, internationally famous companies, and Anti-Virus companies is constantly being distributed. For example, the Beijing Olympics, earthquakes, volcanic eruptions, CNN news, celebrity messenger or ordering goods titles were commonly used as E-mail spam subjects.


[PIC 3] Malicious code with global issues & internationally famous company disguised subjects

To induce more users to open E-mail spam, it uses various subjects such as 'Untitled' or 'failed message received', relying on social engineering methods. If you receive an E-mail from someone you do not know, it is safer to delete it than to open it.

Currently, the typical E-mail spam related malicious codes that ViRobot detects/repairs are as follows:

Trojan.Win32.Bredolab
Trojan.Win32.Rustock
Trojan.Win32.Waledac
Trojan.Win32.Zbot

2. If a user opens E-mail spam that hides malicious code, or executes an attachment without checking it with Anti-Virus, the user's PC can be infected by malicious code that performs malicious actions such as the following.

i) It induces users to purchase fake Anti-Virus by showing a fake infection, and steals user information during the purchase.

ii) The infected system sends invitation E-mails to others in the system user's contact list, without the user's agreement, to induce them to register at a malicious site.


[PIC 4] Invitation E-mail for inducing malicious site register without sender agreement

iii) Sometimes E-mail spam installs other malicious code such as a KeyLogger, and through that code it tries to steal the user's bank account information for financial benefit. Usually hackers steal private bank account information by transferring the user's keyboard input data, but recently they also monitor the user's desktop screen and steal the required information with an installed hacking program.

To prevent damage from these kinds of attacks, users must check E-mail attachments with Anti-Virus first and only then execute them.


3. The ways of preventing E-mail malicious code are as follows:

i) Do not open E-mail from an unknown person; delete it.
ii) Always check an E-mail attachment with Anti-Virus running the latest engine first, then execute it.
iii) If there is an unknown website link in an E-mail, check it first, then click it.
iv) Install an Anti-Spam solution to minimize the possibility of receiving E-mail spam and malicious code.
v) Install Anti-Virus and turn on the Real-Time monitoring function.
vi) Keep the security patches for the OS (Windows, etc.) and other applications (Internet Explorer, Adobe Flash Player, Acrobat Reader, MS-Office, etc.) at the latest version.


Once you find spam, report it to the webmail service company. Your report can reduce the damage to others.

Copyright 2008 @ HAURI Inc. All rights reserved.