Introduction to Malware Spam (Malspam)

Bart Lenaerts-Bergmans - July 19, 2023

What is malware spam?

Malspam, short for malicious spam or spam containing malware, is a spam email that delivers malware as the malicious payload. Malspam emails contain malicious content, such as links or attachments with viruses or malware.

Though people typically consider junk emails a nuisance, malspam represents a true danger that can wreak havoc on the impacted machine and on the other machines connected to the same network.

Learn More

The first unsolicited bulk email — an advertisement from Digital Equipment Corporation for its DECSYSTEM-20 product — was sent in 1978.

Now, more than 40 years after that first spam message, unsolicited emails have only grown in volume and sophistication. There are many types of dangerous spam emails, and one high-risk category is malspam.

How does malspam work?

Sending and receiving emails is ubiquitous in work today. Given its popularity and constant use, email is a highly successful attack vector for sending malware-laden messages to unsuspecting recipients.

The malspam threat took its roots in the late ’90s with mass email distribution of the Melissa virus. Building on the Melissa virus’s success, the attack was quickly followed by the ILOVEYOU computer worm in early 2000 that was sent to millions of email recipients. From there, malspam volume, variety, and sophistication have continued to snowball.

Cybercriminals use a wide range of techniques to spread their dangerous malware payloads via email. The technology innovations in the last decade alone, such as the wider use of automation and AI, have empowered bad actors to continuously evolve the methods and complexity of their malspam attacks to evade detection from email security solutions.

For example, the introduction of social media platforms and the cultural trend of documenting our lives online gave cybercriminals new methods for advancing their malspam attacks. Social engineering techniques that include highly convincing copy (often “borrowed” from the recipient’s social footprint) combined with the packaged malware payload have proven to be some of the most effective malspam campaign methods for duping recipients and allowing attackers to gain a foothold.

Learn More

Read this article to learn about the 12 types of malware you are most likely to encounter and should keep an eye on to stay protected. Types of Malware

Identifying malware spam

Given the many techniques at an attacker’s disposal, email users must constantly remain vigilant and keep a watchful “sleuthing” eye out for signs of suspicious malspam emails. Here are some common red flags to look out for:

  • The sender email address is incorrect or has inconsistencies in the domain name
  • The tone feels off (e.g., a message from a colleague that’s either too familiar or unfamiliar)
  • The message is riddled with bad grammar and spelling mistakes
  • Content includes a sense of urgency and asks you to act quickly on a request
  • Content includes a threat like a final warning about an account suspension
  • The email has a suspicious attachment that the recipient didn’t request
  • Embedded links have odd URLs
  • The message requests credentials, payment information, or other personal details
  • The recipient didn’t initiate the conversation — any unsolicited emails should be handled with care

Expert Tip

While malware infections on mobile devices are not as pervasive as with traditional computers, no device is immune from an infection. Read this article to stay on top of the most common ways malware is transmitted on a mobile device. Mobile Malware Distribution Methods

How to protect against malspam

Ultimately, malspam attackers need the recipient to click on a malicious URL link or download an email attachment to deliver their malware payload. Email users should avoid taking these actions unless they have high confidence that the email is legitimate.

For example, if you receive an email from a colleague who is responding to a request for some particular information, you can generally treat it as safe. But if you’re ever not 100% certain, opting to not click a link or download a file is the best practice for security.

Relying on good judgment alone isn’t a fail-safe measure, so make sure to also implement these best practices:

  • Employee awareness training: Employees must be trained to recognize malspam threats, be on the alert for signs of a malspam threat, and report such attempts to the proper corporate security staff.
  • Use antivirus software: Anti-malware tools scan devices to prevent, detect, and remove malware that enters a system through malspam.
  • Use an email security solution: Email security solutions use pre-defined denylists created by expert security researchers to automatically block malspam delivery or move malspam emails to a junk folder.
  • Use an up-to-date browser and software: Regardless of system or browser, make sure to always use the latest version. New and innovative attacks are launched all the time, so constantly patching and updating the organization’s solutions will provide stronger defenses against malspam threats.
  • Never reply to potential malspam or other suspicious emails: Responding to malspam emails lets cybercriminals know that the address is active. They will then put the address at the top of their priority lists and continue to retarget it.
  • Use multi-factor authentication (MFA): Even if a victim’s credentials have been compromised in a malspam attack, MFA requires a second level of verification (such as an access code sent to a mobile phone) before granting access to a sensitive account.

Learn More

Read this article to learn about 10 security practices that use a combination of expertise and technology to detect and prevent malware. 10 Malware Detection Techniques

Reporting malware spam

If a suspected malspam email or other suspicious email makes its way to a user’s inbox, the user can protect themselves and help slow the tide by reporting these emails when they recognize them.

Employees can report suspicious emails to their organizations’ IT departments, and they can also be good internet citizens by forwarding the emails to the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) at


Bart is Senior Product Marketing Manager of Threat Intelligence at CrowdStrike and holds +20 years of experience in threat monitoring, detection and intelligence. After starting his career as a network security operations analyst at a Belgian financial organization, Bart moved to the US East Coast to join multiple cybersecurity companies including 3Com/Tippingpoint, RSA Security, Symantec, McAfee, Venafi and FireEye-Mandiant, holding both product management, as well as product marketing roles.