Return of email malware

Regular readers of this blog will know that I’m keen on measuring the effectiveness of the SophosLabs response to the changing threats. I use a host of metrics to measure proactive detection, response times, spam catch rates and so on. In fact, the labs’ internal ‘dashboard’ (a live web-based system that shows many of these metrics etc) is one of the first places I visit each morning.

Outbreak Subject lines

As our latest report shows, there has been a significant return to malware attached to spam emails. One of the reports I regularly refer to is our response time to such ‘outbreaks’, and it adds some colour to this recent shift.

In the past 30 days (Sunday Sept 28th to Monday 27th October) there were 133 unique malicious attachments received on our spam traps (unique because the MD5 checksum of the attachment was different). This represents an average of over 4 ‘outbreaks’ per day.

Of these, 95 (71%) were proactively detected; the average response time for the remainder was 75 minutes (1 h 15). This is the time taken for customers to receive detection on the desktop, so it includes publishing time etc. Spam detection of these ‘outbreaks’ is of course much quicker (often just seconds).
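One way to compute these outbreak metrics from spam-trap records, as an added example and not the SophosLabs dashboard's own code: sightings are collapsed to unique attachments by MD5, then the proactive share and the mean response time for the remainder are reported. The records, payloads and timestamps are constructed for illustration.

```python
import hashlib
from datetime import datetime
from statistics import mean

# Constructed spam-trap records (not real data): each is
# (time the attachment hit the trap, attachment bytes, time desktop
# detection was published, or None if an existing identity already caught it).
FMT = "%Y-%m-%d %H:%M"
TRAP_RECORDS = [
    ("2008-10-01 08:00", b"invoice-A.zip payload", None),
    ("2008-10-01 08:05", b"invoice-A.zip payload", None),           # resend, same MD5
    ("2008-10-01 09:10", b"tracking-B.zip payload", "2008-10-01 10:25"),
    ("2008-10-02 07:30", b"ups-C.zip payload", "2008-10-02 08:30"),
    ("2008-10-02 07:45", b"ups-C.zip payload", "2008-10-02 08:30"),  # resend, same MD5
    ("2008-10-03 12:00", b"delivery-D.zip payload", None),
]

def dedupe_by_md5(records):
    """Collapse repeat sightings into one 'outbreak' per distinct MD5,
    keeping the earliest trap time (the moment the response clock starts)."""
    outbreaks = {}
    for seen, payload, published in records:
        digest = hashlib.md5(payload).hexdigest()
        if digest not in outbreaks or seen < outbreaks[digest][0]:
            outbreaks[digest] = (seen, published)
    return outbreaks

def outbreak_metrics(records):
    """Return (unique outbreaks, proactive %, mean response minutes for the
    rest). Response time runs from first trap sighting to the time desktop
    detection was published, so it includes publishing delay."""
    outbreaks = dedupe_by_md5(records)
    proactive = [o for o in outbreaks.values() if o[1] is None]
    reactive = [o for o in outbreaks.values() if o[1] is not None]
    response_minutes = [
        (datetime.strptime(pub, FMT) - datetime.strptime(seen, FMT)).total_seconds() / 60
        for seen, pub in reactive
    ]
    pct = round(100 * len(proactive) / len(outbreaks), 1) if outbreaks else 0.0
    avg = round(mean(response_minutes), 1) if response_minutes else 0.0
    return len(outbreaks), pct, avg

if __name__ == "__main__":
    total, pct, avg = outbreak_metrics(TRAP_RECORDS)
    print(f"{total} unique outbreaks, {pct}% proactive, {avg} min mean response")
```

Counting uniqueness by MD5 means a re-packed copy of the same malware counts as a fresh outbreak, so this number tends to overstate distinct families and understate how much churn a proactive identity absorbs.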

Outbreak Response

49 of these outbreaks were detected as Troj/Invo-Zip with subject lines like “Problems with delivery UPS” and “Tracking N 0837857433” etc.

A few years ago, such ‘outbreaks’ would have made the news headlines, but sadly we seem to have become desensitized to the onslaught of malware. In the meantime, my focus, and that of SophosLabs, is to continue to increase the level of proactive detection and reduce the response time.