Spam, a popular vehicle for malware, it still tricks people

E-mail is still the easiest way to deliver malware.


Spam is still the go-to scheme to get malware on your computer.

More than 40 years after the first spam e-mail was sent, it is still a reliable way to infect your computer, according to Helsinki-based cybersecurity company F-Secure.

The first spam was sent in 1978 when an e-mail was sent over Arpanet, the forerunner of the Internet, 400 users. Since then, spam is still one of the “main infection vectors” for malware, according to F-Secure.

Malicious spam is usually distributed through links to suspicious websites, scams and infected attachments.

Click on rates for spam rose from 14.2 percent in the first half of 2018 from 13.4 percent in the second half of 2017, said MWR InfoSecurity, which was acquired by F-Secure in June.


“E-mail spam is the most popular choice for the propagation of malware,” said Päivi Tynninen, Threat Intelligence Researcher at F-Secure, in a statement.

The time-honored technique is still the same: to spit out huge numbers of e-mails to catch a small number of users, F-Secure said. That said, criminals continually “refine their tactics” to boost their results, according to the cybersecurity company.

Why spam is still king

The Bad guys are getting better at tweaking their strategies based on simple, but effective, psychology. That includes tactics, such as sending e-mail pretending to be from someone the recipient knows and improve the grammar and spelling. In particular, “error-free subject lines” are effective, F-Secure said. If a computer user knows one of the easiest tip-offs to a scam is bad grammar.

Another reason: other tactics do not work.

So-called exploit kits are less popular now as a result of the decline of Adobe Flash as one of the most popular plugins on websites, says F-Secure. Also antivirus software is winning against standardized malware threats.


So, the bad guys, which is necessary in order to spread malware as a business model, are forced to rely more on spam.

“Web sites affected by the exploit kits used to be the main driver of malware infections. The drastic reduction of browser support for Flash Player, in principle, removed the last best software for exploit kits to exploit,” F-Secure spokesman told Fox News. “And in time, since antivirus companies are more and more successful in the detection of malware attachments,” the spokesman said.

“We have reduced criminals to spam, one of the least effective methods of infection,” Sean Sullivan of F-Secure Security Advisor, wrote in a blog post. “And to be honest, I don’t see anything on the horizon that could lead to another gold rush criminals are stuck with spam,” he said.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most popular