What is the risk of opening email attachments in business computers? Does business-users should worry more than home-users in dealing with malware-spam emails?
Spam Business and Your Business
Spam is a business but illegal and, as we know, a crime or a cyber-criminal activity. There are several threats confronting businesses when receiving unsolicited messages, such as malware infection, identity theft and data loss. It is obvious that spammers mean business, as well, and that is because they have to compete with their rival spammers. They are serious about infecting computers with the goal of stealing people and businesses’ data. In this article, we will cover the risk of opening e-mail attachments in business environments--but let’s first find out what is the global spam threat report by security vendor, MessageLabs.
The number of unwanted e-mails has declined in the month of January 2011. This was reported in the Symantec's MessageLabs Intelligence Report issued on January 2011. However, the decline in numbers does not mean that business owners and home users don’t have to worry about spam anymore. The report is based on only a month and compared to last year and also the past two years. People and businesses will continue to deal with spam or until the spammers have stopped infecting computers to become part of a botnet, e.g. rustock botnet.
Resource: http://www.messagelabs.com/mlireport/MLI_2011_01_January_Final_en-us.pdf (PDF Format, please right-click and select save as for offline reading)
Most of the common methods to spread malware are via e-mail as attachments. The malware in the e-mail is distributed using different file formats, such as pdf, zip, exe or renamed file extensions. You can also read more about PDF viruses.
One of the most popular spam messages contains an image as an attachment e.g. pharmacy spam. The message is embedded with the link so that when the recipient clicks they see a website that pretend to sell items. The seller is a fraudster, which means the entered private data (credit card, for example) will be known to the spammer. In some cases, the image is hyperlinked to a webpage that will download a Trojan horse or other type of malware that can steal information on infected computers. An example image at the left shows a spam e-mail with an attached image. The message is also linked to URL redirection service so people will not immediately identify the website address: The risk of opening e-mail attachments using business computers can cause loss of private data in addition to productivity loss. Any opened e-mail attachment can put business data at risk because the attachment could be malicious software that will record activity on the business's computers or it will download additional malware files that will install spyware or a rootkit. Worst scenario is when a business computer becomes part of a botnet or has been infected with malware that will send out spam or malware-spam via e-mail to customers and business partners. The customers' trust of the company will be gone or lowered because they did not look after their private information by using anti-spam technology.
Most businesses users should use software that will block spam messages to prevent putting the company and customers’ data at risk. Symantec and many other security vendors provide cost-effective security solutions using cloud service, e.g. Symantec Endpoint Protection.cloud, so that even small businesses can protect their data without paying too much.
Image credit: Screenshots taken by the author.