Symantec noticed an uptick in social engineering attacks in September, a trend the security outfit attributes to a rise in polymorphic malware in email, the company said in its recently released "Symantec Intelligence Report: September 2011." Spam levels dipped slightly in September to 74.8 percent of all email, a decrease of 1.1 percent from August, but a "deluge of malicious email-borne malware" more than made up for the drop in spam.
"Approximately 72 percent of all email-borne malware in September could be characterized as aggressive strains of generic polymorphic malware, first identified in the July Symantec Intelligence Report," Symantec said in its report. "In July, this rate was 23.7 percent, falling slightly to 18.5 percent in August before soaring to 72 percent in September. This unprecedented high watermark underlines the nature by which cyber criminals have escalated their assault on businesses in 2011, fully exploiting the weaknesses of more traditional security countermeasures."
Fast becoming a favorite trick of cyber crooks is a social engineering attack in which malware spreads by pretending to be an email from a smart printer or scanner being forwarded by a co-worker. It's effective because people don't really associate printers and scanners with malware. An infected email might contain the Subject line "Scan from a HP OfficeJet" or something similar. The sender's domain is spoofed, adding to the ruse that the email originated internally. Inside the attached ZIP archive is a dirty executable that looks like a Word document.
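A mail-gateway triage check for the pattern described above, as an added example that is not taken from Symantec's report. The executable extension list, the `.example` domains, the file names and the sender-equals-recipient-domain heuristic are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: extensions treated as directly executable on Windows (not from the report).
EXEC_EXT = (".exe", ".scr", ".com", ".pif")

def build_sample() -> bytes:
    """Constructed sample: internal-looking sender, ZIP holding a fake 'document'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Scan_0001.doc.exe", b"MZ constructed placeholder, not real code")
    msg = EmailMessage()
    msg["From"] = "scanner@corp.example"
    msg["To"] = "alice@corp.example"
    msg["Subject"] = "Scan from a HP OfficeJet"
    msg.set_content("Attached document was scanned and sent to you.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="scan.zip")
    return msg.as_bytes()

def triage(raw: bytes) -> list[str]:
    """Return the reasons a message matches the scanner-lure pattern."""
    msg = message_from_bytes(raw)
    reasons = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    if sender and sender == rcpt:
        # From is sender-controlled; weigh this with SPF/DKIM/DMARC results.
        reasons.append("sender-claims-internal-domain")
    if "scan from" in msg.get("Subject", "").lower():
        reasons.append("scanner-themed-subject")
    for part in msg.walk():
        data = part.get_payload(decode=True)  # None for multipart containers
        if not data or not data.startswith(b"PK"):  # ZIP magic, ignore declared MIME type
            continue
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            reasons.append("unreadable-zip")
            continue
        for name in names:
            # Trailing dots/spaces are stripped so "x.exe." still matches.
            if name.lower().rstrip(". ").endswith(EXEC_EXT):
                reasons.append(f"executable-in-zip:{name}")
    return reasons
```

The check keys on the archive's magic bytes and the entry's final extension, so a renamed attachment or a document-like name in front of the real extension does not hide the executable.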