Businesses must be on the lookout for new spam messages that contain .zip files filled with malicious software designed to control and exploit weaknesses in computers that could reveal private information.
A spokesman for computer security firm Symantec says the new technique comes as the amount of spam reaching inboxes reaches an all-time high.
The new spam messages contain a trojan known as the “Cutwail botnet”, which arrives in a message that refers to postal tracking numbers. Once opened, the trojan allows a hacker to have complete control of the user’s computer in order to download more malicious software that could exploit weaknesses and steal information.
It is expected the number of computers infected by the trojan will grow as unsuspecting business users open the Cutwail attachment believing it to be a harmless business-related file.
Symantec says it has seen spam relating to the virus increase in the last few months, accounting for 3.5% of all spam and 5.6% of malware intercepted. About 3.6 billion emails containing the virus are likely to be sent each day, while the company suggests about 90% of all email sent over internet networks can be classified as spam.
Spokesman Andrew Antal says businesses must be on the look out for the new virus and spend time educating employees about how they can defend their computers from malware.
“Organisations need to have a layered approach to security, with protection at the desktop, server and internet levels. There will always be a new virus that arrives, such as this one, and my recommendation is to protect your company at every level possible.”
Antal also says businesses must pay attention to the use of social networking, as many trojans will arrive in spam messages that claim to be sent from social networking giants such as Facebook or Twitter.
“You need to have a user policy to give some recommendations about what sites should or shouldn’t be visited. If they receive an email that contains a certain link, you need to define whether employees are allowed to do so or not. Ask what the hours are around Facebook during business hours, etc.”
“This type of security requires education. Have privacy rules, and I recommend you read the fine print of your security software to tighten up your security firewalls and so on, because many have the “lightest” setting as the default.”