Kaspersky Lab publishes "Spam evolution: July – September 2009"

24 Nov 2009
Spam News

Kaspersky Lab, a leading developer of Internet threat management solutions that protect against all forms of malicious software including viruses, spyware, hackers and spam, today announces the publication of its latest quarterly spam report.

The quantity of spam in the third quarter of 2009 was in line with predictions – the seasonal summer lull was followed by autumnal growth.

The percentage of spam in mail traffic averaged 85.7% in Q3. A peak of 91.3% was recorded on 27th September, with a low of 76.3% on 1st August – this being the only instance during the quarter when the level of spam dropped below 80%.

The third quarter saw no major changes to the list of countries considered to be key sources of spam: the US was first (20.4%) followed by Brazil (8.8%) and India (5.2%). The Top 10 included a number of Asian and Eastern European countries. In August, the percentage of unsolicited messages originating from Poland increased.

The percentage of phishing emails in the third quarter was double that of the previous quarter and averaged 1% of the total volume of mail traffic.

The percentage of messages containing malicious attachments grew, averaging 0.46% of the total volume of mail traffic - an increase of 0.29% compared to the previous quarter. September proved to be the busiest month for malware attachments and was in itself largely responsible for the higher than usual quarterly figure.

In July and August, two worms and a Trojan program were especially popular with spammers. All three aim to harvest addresses and include unprotected computers into zombie networks. However, in September the FraudLoad family took over the lead. These programs install rogue antivirus solutions on victims' computers and falsely inform users that a malicious program has been detected on their computer. The main aim of these programs is to convince users that their computers are at risk and scare them into buying an "antivirus" product.

The majority of malware messages imitated notifications from legitimate delivery services, usually DHL or UPS, or money transfer systems like Western Union. Needless to say, the attachments to these emails did not contain any invoices or money transfer check numbers. In fact they contained a malicious program.

Users should be careful when opening file attachments. Spammers actively use social engineering methods to make people think that their messages are from a friendly source. Messages may also originate from compromised accounts.

In the third quarter of 2009 spammers introduced a new tactic – in return for sending an SMS message, the victim received some ‘special' audio files. Listening to these files was supposed to transport the victim into a pleasantly altered state of consciousness. As soon as information became available disproving the claims made for these ‘sonic drugs', the levels of spam referring to them immediately decreased.

Spammers, it seems, are concerned about the appearance of their messages: the total amount of short spam emails in plain text fell, while there were more messages in HTML format (up 8.2%). In order to bypass spam filters, spammers continued to use HTML tables and graphical spam.

The changes in spam category distribution were entirely logical. As expected, the spam situation reflected what was happening in the economy. The economic recession that started a year ago caused a decline in the quantity of mass mailings advertising goods and services. The current easing of the economic crisis has seen a revival of this type of spam. At the same time, self-promotion by spammers has tailed off to pre-crisis levels, an indicator that they are currently receiving enough orders.

The full version of this report can be found on www.viruslist.com.

To find out more about Computer Threats visit: http://www.kaspersky.co.uk/threats

To read the latest security news please visit: http://threatpost.com/