The best protection against Cryptolocker malware, eFax spam and other email threats is Cloud Anti-Spam

Email-based cyber security threats are dangerous and pervasive. Traditional anti-virus and anti-spam software can no longer keep up with rapidly changing malware like Cryptolocker ransomware, fake eFax messages and other viruses, trojan horses and phishing scams. See what the trends are for 2015 and why the best protection for your business and coworkers is in the Cloud.

Cloud Anti-Spam is the Best Protection against Malware

With antivirus software becoming less and less effective against zero-day threats like Cryptolocker and CryptoWall, Cloud-based spam filtering is becoming your best defense against losing your money, your data, and your identity.

Blocks Zero-Hour Threats

Email is now a common way for criminals to infect your network, through an attached executable file or a link to a malicious website. Antivirus software is no longer as effective at combating these threats because criminals change their malware faster than you can get the latest security patches.

eFax, Cryptolocker and other viruses are delivered via email

Dangerous email threats include links to viruses and attached files.

However, premium Cloud-based Anti-Spam services with built-in virus detection can block zero-hour threats. By its nature, Cloud antispam can look wider and deeper than traditional antivirus programs to detect inbound malware. And it's better than appliance-based antispam.

Examines the Entire Package

For example, antispam examines the entire delivery mechanism for malicious clues, such as the sending IP's reputation, email header information, and links in the message.

Traditional antivirus software only examines the downloaded file and can't keep up with the rapid pace of mutations. At best, it might update every hour or so, and only when the user is logged in and actually downloads and installs the latest security patch.

SpamStopsHere is updated every two minutes, 24/7/365. Because it works in the Cloud the updates take effect immediately without the user downloading or installing anything.

eFax, Cryptolocker and other email-borne threats.

Traditional antivirus only scans the malicious file. Cloud anti-spam can examine the entire delivery package for better detection of rapidly changing payloads.

Has a Global View

Cloud-based antispam providers like us also have a global perspective on email traffic that antivirus and local antispam do not. We can determine which messages are dangerous because we can detect spammy behavior, like the same email or attachment being sent from many different IP addresses to many different recipients. Installed software typically only knows what's happening on one machine or at best a local network.
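
The fan-out check described above, as an added example (not SpamStopsHere's code): it groups a constructed mail log by attachment hash and compares the all-customers view with what one recipient domain sees alone. Exact SHA-256 matching, the thresholds and all names are assumptions of this sketch.

```python
from collections import defaultdict
import hashlib

# Constructed sample: (sending IP, recipient, attachment bytes). Not real traffic.
PAYLOAD = b"constructed-sample-payload"
INVOICE = b"constructed-quarterly-invoice"
EVENTS = [
    ("198.51.100.7", "ann@a.example", PAYLOAD),
    ("203.0.113.21", "bob@b.example", PAYLOAD),
    ("192.0.2.44", "cat@c.example", PAYLOAD),
    ("192.0.2.45", "dan@d.example", PAYLOAD),
    ("198.51.100.9", "eve@a.example", INVOICE),
    ("198.51.100.9", "fay@a.example", INVOICE),
]

def find_campaigns(events, min_ips=3, min_recipients=3):
    """Return {sha256: (n_ips, n_recipients)} for attachments that fan out widely."""
    ips = defaultdict(set)
    rcpts = defaultdict(set)
    for ip, rcpt, data in events:
        digest = hashlib.sha256(data).hexdigest()
        ips[digest].add(ip)
        rcpts[digest].add(rcpt.lower())
    return {d: (len(ips[d]), len(rcpts[d])) for d in ips
            if len(ips[d]) >= min_ips and len(rcpts[d]) >= min_recipients}

def single_site_view(events, domain, **thresholds):
    """Run the same check on only the mail one recipient domain receives."""
    local = [e for e in events if e[1].lower().endswith("@" + domain)]
    return find_campaigns(local, **thresholds)

if __name__ == "__main__":
    print("global view:", find_campaigns(EVENTS))
    print("a.example only:", single_site_view(EVENTS, "a.example"))
```

The invoice sent twice from one IP stays below both thresholds, and the same attachment that stands out globally is a single unremarkable message from inside a.example.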

Blocking threats in the Cloud is Key

Blocking threats in the Cloud is key not only for the global perspective and rapid updates, but also because threats are stopped before they even reach your infrastructure. Hardware appliances on your network have a global view, but like installed software they are only updated periodically. So, they are not much better than installed antivirus software at detecting rapidly changing malware threats. And they don't keep threats away. They let them in and then try to quarantine them.

Email and Spam Trends

So, just how pervasive are email-based threats?

Spam made up a whopping 64% of the email traffic that we filtered last year. While legitimate email volume remained somewhat constant throughout the year, spam volume changed dramatically from month-to-month, peaking in March and then gradually dropping until there was actually less spam than legitimate email in November and December. Even spammers take a break during the holidays.

eFax, Cryptolocker and other spam made up 64% of all email during 2014.

Monthly Email Filtering by SpamStopsHere (2014)

Malicious Campaigns

While spam volume went down, it became increasingly malicious, which may be a sign that diet pills, mortgage offers and other dubious gimmicks are losing their effectiveness. Instead, criminals now seem to be concentrating on gaining access to bank accounts, blackmailing with ransomware (like Cryptolocker, Cryptowall) that locks up your files, and infecting your computer with a botnet that does other harm.

Suspicious Patterns

The spam also became more difficult to detect and block, especially for individuals trying to maintain their own spam filters. This was in part due to a change in the pattern and duration of campaigns. Along with the generally lower level of spam toward the end of the year came very short bursts of email-based threats that only lasted a day or two, rather than the typical sustained campaigns of several days to a week or more.

Cryptolocker, eFax and other email-borne threats were pervasive during 2014.

Daily Email Filtering by SpamStopsHere (2014)

This may be a new strategy by spammers to try and trick Bayesian-Heuristic systems (which SpamStopsHere is not) by denying them the opportunity to learn over time. It might also just be an attempt to overwhelm IT admins who maintain their own spam filtering, like at small and medium businesses; lull them into a false sense of security for a week or more and then hit hard at odd hours of the day or night.

Major Threats and Scams

Email spam in 2014 ranged from Russian dating and pharmaceutical offers to dangerous phishing scams and Cryptolocker ransomware using trojan horses, WordPress hacks and more.

eFax Dropbox Spam

A big eFax spam campaign hit in May 2014. These fake emails notified the recipient that an eFax was waiting for them and included a link to retrieve it. The link went to a DropBox or other file containing the dangerous payload.

This campaign also came in the form of fake American Express and Citibank emails, and drew a lot of attention. Variations on it continued for the rest of the year and we expect to see that continue into 2015.

Cryptolocker and Cryptowall

Cryptolocker and Cryptowall (among others) belong to a class of malware called "ransomware". You receive an email with some message about an attachment that looks like a zip, pdf or doc file. Never click on or download such a file. The attachment contains an executable file that either is a trojan horse or downloads one from somewhere else. When it runs, it encrypts the files on your computer and displays a ransom demand for the key to unlock them.
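
A mail-gateway check for the disguise described above, as an added example (not SpamStopsHere's filter): it parses a raw message and flags attachments whose name, first bytes or zip contents reveal an executable behind a document-looking file. The extension lists, function names and the sample message are assumptions constructed for this sketch.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".pif", ".js", ".vbs", ".bat", ".cmd")  # assumed list
DOC_EXT = (".zip", ".pdf", ".doc", ".docx")                         # assumed list

def risky_name(name):
    """True for executable names, including disguises like 'invoice.pdf.exe'."""
    return name.lower().rstrip(". ").endswith(EXEC_EXT)

def inspect_attachments(raw):
    """Return a list of (attachment filename, reason) findings for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if risky_name(name):
            findings.append((name, "executable extension"))
        if data[:2] == b"MZ" and name.lower().endswith(DOC_EXT):
            findings.append((name, "PE header behind document extension"))
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if risky_name(member):
                        findings.append((name, "archive contains " + member))
    return findings

def build_sample():
    """Constructed message: a zip holding a harmless stub named like an executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2014.pdf.exe", b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "billing@sender.example"
    msg["To"] = "user@recipient.example"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice_2014.zip")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder content",
                       maintype="application", subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_attachments(build_sample()))
```

Password-protected archives still list their member names, so the zip check works on them too; nested archives are not unpacked here.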

We reported on this campaign in 2013 and it has continued past 2014. In addition to the standard measures that most antispam providers are taking, we've developed additional tools to detect and block these serious email-based threats. Our techniques even help us predict new variants, so we're ready for them when they hit.

Home Depot / American Express

This phishing scam targeted American Express members worried about the 2014 Home Depot security breach. A link in the urgent-sounding message went to an impressive-looking fake American Express login page, trying to steal Amex User IDs and passwords.

"Russian" Viagra and Other Medical Spam

Russian Viagra and other medical spam hit hard in March, some days accounting for nearly 100% of blocking by our unique URL filter. The volume was so high, we developed special filters to block them.

WordPress Hacks

Email spam using WordPress exploit hacks increased early in the year. Although this is a really old trick, it is potentially dangerous and the campaign was large.

Pump and Dump Penny Stock Scams

2014 saw a resurgence in classic "pump and dump" scams involving penny stocks. The sender, who already owns shares of a certain stock, tries to inflate its price artificially by spreading fake good news about the company through a mass email campaign. That's the "pump". Then the sender quickly sells his/her shares at a profit, causing the price to collapse and leaving gullible investors holding the bag. That's the "dump".

One stock scam involved OTC shares of Rainbow International Corp (RNBI). This was a massive campaign that drew a lot of interest. We saw more than 10 times our normal website traffic at one point, going to our blog about that scam. Although it appears that the RNBI pump and dump failed, someone tried to pump and dump RNBI again a few months later in August.

Another pump and dump touted shares of Inspiration Mining (ISM) in October. A previous attempt a few months earlier looked like a success for the scammers, so someone tried it again. However, this time they only mentioned the stock's symbol on the Toronto exchange, possibly a way to get around spam filters set to block the U.S. symbol. That's a clever scheme, because our research shows cross-listed shares of that stock tend to move up and down together.

Stop Seeing Spam - Today

SpamStopsHere is different from other anti-spam programs. For one, it is truly a set-it and forget-it service. Our professional threat analysts block new threats 24/7/365, so you don't have to. Even though customers have the ability to do their own tuning, the vast majority don't bother because SpamStopsHere works so well.

Unlike most other systems, SpamStopsHere is not based on outdated Bayesian-Heuristic filtering. Instead, we developed a series of filters that each blocks a large amount of spam while blocking almost no legitimate email. So you and your coworkers stop looking at spam.

SpamStopsHere filters each block spam with almost no false positives.

SpamStopsHere Filter Performance (2014)

With a spam-blocking rate of 99.5% and fewer than 0.001% (1/100,000) false positives, very few customers change the default settings or check their quarantine. Ever.

By the way, be wary of low false-positive claims and always read the fine print. Some providers don't count serious delays caused by greylisting or legitimate emails blocked due to misconfigured sending mail servers, both of which make their false positive rate look better. Our definition is the most inclusive - a legitimate email not delivered within one minute.

That's a claim almost no other antispam provider can make.


2014 brought some new challenges to those tasked with protecting their infrastructure and coworkers from email-based threats. From malware like Cryptolocker and Cryptowall ransomware to dangerous phishing and other link-based scams, bad guys were hard at work trying to overwhelm spam filtering efforts. We expect these trends to continue into 2015, with spammers trying to find new ways to exploit weaknesses in typical spam filters.

If you're having trouble keeping up with these threats, consider trying SpamStopsHere FREE for 30 days. It blocks 99.5% of spam while delivering over 99.999% of legitimate emails. That means we block fewer than 1 out of 100,000 good emails, which is why businesses and professionals love our service.


Marks used in this article are the properties of their respective owners. This article is for informational purposes. No endorsement by third parties is implied and none should be inferred.