Malware Hidden In .Zip Email Attachments Makes Sudden Rise


Spam emails are always annoying, but they can also be malicious and harmful. Some carry attachments that infect your computer with malware. Recently, security company Symantec noticed an extreme spike in the number of malicious .zip files being sent out, as Eric Park reports on the Symantec blog.

Sending malicious attachments is a common practice for hackers, but sending .zip files hasn’t been popular for some time. A .zip file is used to compress a much larger file, which makes it small enough to send over email. For criminal purposes, it also obscures the true nature of an attachment. Instead of a user clearly seeing that what should be a Word document is actually an executable file, every attachment ends in .zip and must be downloaded and opened to find out what it actually contains. Downloading and opening these files, however, infects your computer with malware.

In the past few months, there had never been more than about 25-thousand instances of malicious .zip attachments being sent on a single day. But, from January 7 to the 10th, between 150-thousand and 200-thousand malicious .zip files were attached to spam emails. In addition to the sudden rise in number, the names of the .zip files being sent changed every day.

On the 7th, an email claiming to be from a legitimate bank like Wells Fargo was sent with a .zip attachment named ‘BankDocs’ followed by some numbers. By the next day, the tactics had changed to an invoice for an overdue payment to an unnamed company. The attached .zip file was named ‘Invoice’ followed by numbers. On the 9th, the .zip file was called ‘Early2013TaxReturnReport’ and was supposedly from the IRS. On the 10th, the message was an invoice from a specific company.

Each of these messages was different, but all contained the same Trojan malware, which is capable of stealing data from an infected computer. Since the message changed every day, it’s difficult to warn users of exactly what to watch for. Instead, don’t download any attachment unless you know exactly what it is and are expecting a file to be sent to you.
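Because the message and the .zip name changed daily, a check on what is inside the archive holds up better than a check on its name. The sketch below is an added example, not code from Symantec or from this post: it lists a .zip attachment's members without extracting them and flags executables, including ones dressed up as documents. The extension lists and the sample member names are constructed assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will run on double click (illustrative assumption, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}
# Document-like extensions often placed before the real one to disguise it.
DECOY_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg"}


def inspect_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member_name, reason) findings for a .zip attachment, without extracting it."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable zip file")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Normalise Windows separators and trailing dots/spaces, which Windows ignores.
            name = info.filename.replace("\\", "/").rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if info.flag_bits & 0x1:  # bit 0 of the general purpose flags marks encryption
                findings.append((info.filename, "encrypted member, contents cannot be scanned"))
            if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
                continue
            if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTENSIONS:
                findings.append((info.filename, "executable disguised with a double extension"))
            else:
                findings.append((info.filename, "executable or script file"))
    return findings


def build_sample(member_names: list[str]) -> bytes:
    """Build a constructed in-memory zip with harmless placeholder contents."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for member in member_names:
            archive.writestr(member, b"placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    # Constructed samples; the member names are invented for illustration.
    for members in (["Invoice_0001.pdf.exe"], ["report.docx", "notes.txt"]):
        print(members, inspect_zip_attachment(build_sample(members)))
```

A mail gateway or help desk could run a check like this on quarantined attachments; an empty result means only that no member matched the lists, not that the archive is safe.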

Since January 10, the messages with malicious .zip attachments have gone back to their usual volume of a few thousand per day, but security experts warn that another large-scale attack could start again at any time.

If your computer has been infected with malware, come by Geek Rescue or call us at 918-369-4335.


January 15th, 2014