Image by rawpixel.com
A senior cybersecurity analyst spotted ransomware as it made its way onto his servers.
The malicious email appeared to be an agreement requested by the recipient. But the message included a ZIP file, and that ZIP file was password protected.
Recipients didn’t even have to track down the password. It was provided in the message itself.
When the recipient executed the file, it was set to download ransomware. The ransomware would encrypt the entirety of the end user’s hard drive.
What Is Malspam?
Malicious files harm our devices.
Spam fills our inboxes and annoys us.
Combine the two, and you get malspam, a term that refers to MALicious SPAM.
Malicious spam comes into your inbox, posing as an everyday message. It may have a link or an attachment. Either way, if you click, you download a harmful file.
Malspam is used to spread ransomware, keylogger viruses, and various other malware types. Criminals may target individuals or enterprises, with the latter allowing them to spread malicious software to multiple devices across the same network.
How Malspam Works?
Image by Freepik
Over the years, malware creators have grown more sophisticated in their attacks. It can be tough to spot it in a sea of incoming messages, and that’s by design.
Scammers don’t want you to be able to detect malicious files, but it’s not just you. Malware has to get around antivirus software and cybersecurity staff with years of experience.
With malspam, scammers have an even greater challenge:
To convince you to open their emails.
First, they have to get past email spam filters. This means not only staying out of your spam folder but also staying out of the promotions folder, where they might never even be seen. So malspam has to be especially compelling.
It can help to take a look at how malspam works. Understanding the steps might make it easier to spot when it comes your way.
1. Malspam Creation
Personalizing a message would likely be the best way to get you to click.
A message labeled “School Supply List” might grab your attention if you’re a teacher about to start the school year.
If you’re an expecting parent, a message pretending to be from a medical provider or Lamaze coach might do it.
If you run a business that works with many vendors, a legit-looking message labeled “invoice 20883” could be the best way to make you click.
But that’s not how malspam works.
Hackers create malspam with mass deployment in mind as with other types of malware. They might target a specific type of person or industry, but the subject line will probably only work with a portion of the population.
But have you ever heard the phrase, “spray and pray”?
It’s a marketing term related to sending a message to the masses and counting on the law of percentages.
If only 5 percent of recipients open the message and click the attachment, and they send it to 100,000 people, that’s 5,000 people scammed.
That’s a good workday for a hacker.
But not all malspam is designed to impact a solo recipient.
Some of this malware is designed to climb into a network and crawl its way through, infecting multiple devices and/or gathering information that it can then send back to the hacker.
One of the reasons malspam has become so prevalent is that it can be created and deployed quickly, thanks to bots. Using automation, scammers can set everything up and just wait for the deed to be done.
That means a large number of inboxes can be hit in a matter of minutes.
Automation has also made email address harvesting a breeze. Tools let hackers search the web for exposed email addresses and collect them, sending their malspam to those addresses.
Creating a message compelling enough to click is the toughest step of the creation process. And if you’ve ever received shady messages, you know most hackers don’t work all that hard at it and still somehow manage to get results.
2. Malspam Deployment
Once the message is ready to go, the deployment phase begins.
Today’s hackers like botnets –– a term that refers to large groups of connected computers that can spread malware quickly. If they can get you to open an email, they may then have access to your contacts, at which point they can further spread the malspam. And that process continues with each victim their malspam claims.
3. Code Executes
Malspam can vary from one hacker to another, but one thing is clear:
You need to at least open the message for it to work.
In some cases, you can open and read it, but nothing happens unless you click a link or attachment.
But some types of malspam execute as soon as you open the email.
Yes –– all you have to do is open the message, and the malicious file starts its work.
In many cases, you don’t even realize you’ve unleashed malware. It does its damage in the background.
4. Attackers Take Over
Imagine malware is a ticking bomb.
When the message is created, attackers are arming it and dropping it in your inbox, where nothing happens unless you activate it (open it).
Once you open it, it still might not set off. But if you click the link or download the attachment, THE BOMB GOES OFF.
That malicious file can do untold amounts of damage in the background. It can encrypt all your files, making your drive unusable. It might grab information and deliver it to the hacker. It could travel to other devices on your network (even at home) and infect those, too.
However it deploys, one thing remains the same:
The hackers are in control of your device.
The Risks of Malspam
Spam is annoying. Malspam can be devastating.
Here are some ways malware will ruin your day. Maybe even your week.
1. Loss of Access
If a hacker gains control of your device, you’ll lose access to your important files.
That access loss could be permanent.
Your pictures, videos, music, and documents could be lost forever, assuming you don’t back them up.
(You should back them up!)
Even if you can restore everything, you’ll lose hours, even days, cleaning up the mess malspam brought to your life.
2. Compromised Accounts
When malspam infects your device, a hacker may be able to pull sensitive data. That could include account numbers, usernames, and passwords.
With keylogger viruses, every keystroke is logged. That means when you’re logging into accounts, and providing information on applications, all of that might be captured.
This makes it easy for scammers to break and empty those accounts.
You can change your passwords, but what if the virus still lurks in the background? The only way out is to fully clean your device and change all account passwords.
If those numbers were stolen, you might even have to cancel your credit or debit cards.
3. Identity Theft
Money isn’t the only thing scammers can take from our devices.
How often do we type our full name, mailing address, phone number, and mother’s maiden name over the course of living our lives?
It might be less often, but we also occasionally have to provide our Social Security numbers, birthdates, birthplace, date of birth, and driver’s license number.
All that information can give scammers exactly what they need to commit identity theft.
Think about it. That data is all someone needs to apply for credit in our name.
A criminal could probably find a copy of our signature on our devices.
Once identity theft starts, it can be tough to combat. You’ll find that it negatively impacts your credit score and leads to harassing bills and phone calls from debt collectors.
It’s far better than to avoid it in the first place.
How to Protect Against Malspam?
Image by jcomp
Worried about malspam?
You could do like me and simply ignore most junk coming into your inbox.
In fact, I have a junk email account solely to collect it. I give that address if I’m making an online purchase or signing up for a service that will no doubt sell my address.
I don’t even bother emptying the junk over there. I just scan it each day and open the emails that look important. The rest are ignored.
But every now and then, one of those subject lines/sender names tricks me into opening. And that’s where we need to take steps to protect ourselves.
1. Maintain Updated Antivirus Software
I wouldn’t go a day without an antivirus on my device.
You just never know. Malware lurks in your inbox, the sites you visit, and even the apps you download.
Antivirus solutions from Norton, McAfee, or AVG can keep your devices safe as you check your email each day. If you do deploy malware, you have a good chance these solutions will catch it.
There are no guarantees, though, so you must use caution when going through your inbox.
2. Approach Links (and Downloads) with Caution
Yes, it’s possible that simply opening a message will launch the beast.
But most malware needs you to take action to execute it.
This can be clicking a link or downloading an attachment.
You’ve probably heard it a million times by now, but you should always be suspicious of links and downloads, especially from strangers.
But malware can come from friends, too. Especially if someone hacks into that friend’s account.
It’s always better to be safe than sorry when you see a link or attachment. If possible, reach out to the source directly and ask if that person sent the message. If it comes through a work email, reach out to your I.T. team and have them take a look.
3. Back Things Up
Okay, this step isn’t as much a way to protect yourself from malspam. Instead, it’s a way to reduce the damage if your device does get infected.
My computer backs up every day. It’s probably backing up right now. It happens in the background, while I’m working or playing.
If I’m hit with a virus someday, cleanup will be the hardest part. Once my device is restored, I’ll just have to load my files and start working.
It also comes in handy when you buy a new device. You can pull the files over in one step. I’m usually up and running with a new laptop in an hour or two.
4. Protect Your Identity
Has your identity been compromised?
It’s time to take some action.
IdentityTheft.gov is a great resource for reporting the incident and getting an action plan. The action plan walks you through what you can do to reduce damages.
You might also consider freezing your credit. This will keep anyone from using your Social Security number to secure credit or make major purchases.
For added peace of mind, consider identity theft protection. Services like Aura, IdentityForce, and LifeLock can monitor for signs someone’s using your information to commit fraud.
They can also help you with cleanup if your identity is used.
5. Report It
Malware is a crime, particularly IF THEFT IS INVOLVED.
If you suffered a ransomware attack, the Federal Bureau of Investigation wants to know. You can report the incident at the Internet Crime Complaint Center.
The Federal Trade Commission also investigates fraud cases. You can submit the information at ReportFraud.FTC.Gov. The FTC keeps an eye on trends and takes action on a widescale basis.
As if spam doesn’t already make life more challenging, now we have to worry about malspam.
The good news is that email providers are improving daily at filtering spam. If we can quickly identify the spam in our inbox and report it, we’ll help the bots start to filter those messages.
But it’s best to avoid opening the messages if possible. And we should definitely refrain from clicking links or opening attachments.
With a few safety measures, we can keep our devices safe while accessing the emails we need daily.
Related Articles About Securing Your Devices: