Online scammers are constantly updating the methods they use to spread malware or drive sales of bogus products — and it’s up to IT to learn those new threats and keep them from compromising their company’s network.
What are the new security threats companies are facing now? Here are the top three, according to Symantec’s September 2011 Intelligence Report.
Warn your company’s users and IT staff to be on the lookout for:
1. Malware disguised as office printer messages
Most multifunction printers in use now contain a scan-to-email function — documents are scanned and then an electronic version of the scan is sent as an email attachment to the designated recipients.
Now, Symantec has begun seeing a new email scam in which malware is attached to messages disguised as dispatches from an office scanner. For example, the malware will be contained as a .zip file in an email with the subject line, “Scan from HP Officejet #21761026.”
In most cases, the sender’s address is disguised to use the same domain as the recipient, making the email look like it’s been sent by a colleague in the same organization.
2. Spam pages hidden in organizations’ websites
One tactic scammers often use to spread their spam or malware is to compromise legitimate websites and use them for their own ends.
A new way that’s being done, according to Symantec: hiding pages inside compromised websites using the popular WordPress blogging platform.
A flaw in older WordPress software is being used to give scammers access to web servers, who then place their own content — usually just a page that redirects the browsers to the scammer’s own domain — on a page hidden inside WordPress’s directory structure.
According to Symantec, the threat doesn’t affect blogs hosted on WordPress.com, but rather organizations’ and individuals websites that are hosted on their own servers and managed using WordPress software.
3. Phony delivery notifications
Sending spam emails disguised as a message notifying the recipient of a delivery completed by UPS, the post office or another service is nothing new — but lately, it’s been the most popular way to deliver spam and malware.
The phrase “UPS notification” ranked number one in Symantec’s analysis of the most-used spam email subject lines for September 2011.
To read more, download Symantec’s full report from the company’s website.