Kaspersky Lab presents its spam report for September 2011. The volume of spam in mail traffic decreased slightly compared to August and averaged 78.5%.
Spammers never pass up the chance to exploit major events, and as soon as the experts started talking of a new financial crisis, the theme of economic uncertainty flooded the subject lines and contents of September’s spam. It was a month rich in messages offering dubious get-rich-quick schemes and promoting legal or consulting services, as well as the notorious ‘Nigerian letters’ with offers of “anti-crisis” loans. Spammers resorted to similar tactics during the 2008-09 crisis, when financial instability strongly influenced their activities.
September saw the use of several new and sophisticated social engineering techniques to trick unsuspecting users.
For example, users received a message that appeared to be from McDonald’s. It stated that the recipient had won the chance to participate in a survey and would get $80 for doing so. A user who follows the link finds himself on a page with a customer satisfaction survey form and fills it in. After submitting the survey, he is redirected to a further form asking for full credit card details to process the promised $80 payment. Of course, the information is likely to be used to clean out the user’s account, rather than pay any cash.
Another method was a modification of a tactic used in August where a message with an archived malicious attachment read like a short official message, but was wrongly encoded. This played on the recipients’ curiosity, tempting them to open the attachment.
Playing on curiosity was not the only method applied by malicious users; intimidation and threats were also used. For example, one Nigerian email contained a very direct threat: the message claimed to be from a contract killer with orders to murder the recipient. But for $8,000 the assassin was willing to spare the intended victim, and even betray his paymaster.
A more effective social engineering trick was an email threatening legal action against the user for distributing spam containing malware. Of course, the recipient was invited to open an archived attachment and check the evidence of his address being used to distribute spam.
“Recipients of this type of email should not panic,” says Maria Namestnikova, Senior Spam Analyst at Kaspersky Lab. “It’s rare for such emails to include personal data about the user or any information about the supposed plaintiff. These are the giveaway signs of a fraudulent email aiming to install malicious executable files on personal computers.”
In September, malicious files were found in 4.5% of all emails — a decrease of 1.4 percentage points compared to August. The malicious program most frequently detected by Kaspersky Lab’s email antivirus component was Trojan.Win32.FraudST.at, a spam bot that specializes in spreading pharmaceutical mass mailings.
The top three countries with the highest rates of email antivirus detection remained unchanged: the US, Russia and the UK. India showed a significant increase in email antivirus detections (+1.5 percentage points), moving the country up two places to 4th.
The full version of the spam report for September 2011 is available at: http://www.securelist.com.