What does mass mailing worm mean?

15 April 2019

A mass mailing worm is a corrupted computer programme that has the ability to copy itself and hyperlinks to infected websites and distribute the copies via email.

Mass mailing attacks have the potential to send malicious emails around the world to multiple recipients instantaneously.

These emails can be spread automatically, using harvested email addresses from your email contacts, or manually by the hacker.

We are still exploring this pervasive issue today on the 20th anniversary of the first major, successful mass mailing attack in March 1999.

The worm, known as Melissa, spread worldwide and caused mass hysteria. Despite only causing minimal damage, this attack caused many companies to temporarily shut down their internet access.

Since Melissa, multiple other variants have appeared including; MyDoom, SoBig, Here You Have and Upering.

What does mass mailing worm mean?Why does it matter?

A worm can also access your computer by exploiting a system vulnerability. Previously, a social engineering technique called ‘virtual postcard’ was the tactic of choice; which involved a malicious hyperlink, embedded in a seemingly innocent e-card, spamming the malware to all email addresses found on your computer.

Once inside your computer, the programme can damage and compromise its security. Worms can also be used to facilitate Distributed Denial of Service (DDoS) attacks by corrupting multiple networks with a debilitating form of malware or virus.

Scanning software can be used to detect mass mailing behaviour, while isolating and deleting all affected emails within the network. Any basic security programme will deploy such tools, yet hackers deploy various techniques to make this more difficult.

This can include using legitimate email accounts and servers to distribute the copied files, making the emails appear more credible, and more likely to be opened by employees.

Some corporate email systems also mandate the encryption of certain emails, making these bogus attachments more difficult for filtering systems to analyse.

There are multiple methods companies can apply to become more resistant to mass mailers including; introducing a regular patching procedure to restrict the number of entry points and an email filter system to verify the security of each message, firewalls; regular access permission reviews, disabling autoplay and file sharing settings, enforcing a password policy and disconnecting drives when they are not in use.

Human behaviour is still the front line of defence, and email recipients can decipher email authenticity by identifying some key indicators of mass mailing behaviour. Popular hacker clues include; poor presentation in the form of questionable grammar and layout, badly formatted HTML code, an incorrect hyperlink alias, a fake domain location and false claims of being a PDF file, rather than an SCR file.

However, like social engineering emails, the quality continues to improve, making the obvious malicious emails more difficult to detect.

Just like in 1999, the news of a pervasive computer security issue can cause panic, and the initial response can be to “unplug!” Businesses are more reliant than they ever have been on constant access to online systems and tools for communication, collaboration and the data that is the lifeblood of their business, so tech incident response teams have much trickier decisions to make when worms strike.

For more articles like this, download our Cyber Decoder
Cyber Learn more about cyber insurance solutions and risk management >>


If you would like to talk about any of the issues raised in this article, please contact Sarah Stephens, Head of Cyber on
+44 (0)20 3394 0486.

As part of Marsh JLT Specialty's London-based Financial Lines Group, Sarah and her team work both directly with our clients and with network colleagues and independent partners to make sense of cyber, technology, and media E&O (PI) risks and create leading edge bespoke insurance solutions in the London market.

Prior, Sarah spent 12 years with Aon in a variety of roles. Her last role at Aon was Head of Cyber & Commercial E&O for the Europe, Middle East, and Africa (EMEA) Region, working with colleagues across business groups and clients in the region to identify, analyse, and drive awareness of cyber risks, exposures, and both insurance and non-insurance solutions.

Previously, Sarah spent seven years with Aon’s US Cyber and Errors & Omissions practice group thinking nonstop about cyber insurance way before it was cool. Her first four years at Aon were spent in the Account Management group working with large clients and developing a keen eye for excellent client service.

View our latest cyber videos here