Spam in Q2 2013: More offices in danger from targeted plausible fakes

05 Aug 2013
Spam News

In Q2 the percentage of spam in total email traffic increased by 4.2% from the first quarter of 2013 and came to 70.7%. The percentage of phishing emails in global mail traffic fell by 0.0016% and came to 0.0024%. These figures are among the results of Kaspersky Lab’s email traffic analysis for Q2 2013.

Main Trends in Q2


Many emails with malicious attachments were addressed to corporate users this past quarter. These emails were disguised as auto-replies, i.e., delivery failure notifications, or notifications of the arrival of an email, fax, or scan. Malicious users expect corporate employees to skim over the details, assume the email is legitimate and open the attachment — releasing a malicious program.

One unusual feature in Q2 was the distribution of eCards with malicious attachments. In the past these were a common sight at every major holiday, but lately malicious eCard sightings have been few and far between. However, this past quarter, Kaspersky Lab again detected these malicious mailings, this time targeting the prominent American greeting card company Hallmark.

Malicious eCards weren’t the only long-forgotten tactics detected by Kaspersky Lab in this period. In Q1 2013, one of the tricks used by spammers was “white text,” which is essentially random text added to the bottom of an email. Readers do not notice this because the color of the text is the same as the background color. The idea is to persuade spam filters that the unwanted message is a newsletter. This quarter, spammers used more or less the same trick; they added random text, but this time they didn’t even bother to make it “invisible”. Instead it was merely separated from the main body of text with a large number of empty lines. All of the texts were taken from various news stories. For example, while an email might start out with a colorful photograph advertising a certain product or service, if the recipient scrolled all the way to the bottom, he would find an small-print excerpt from a news story on Hugo Chavez, the Boston Marathon, or the conflict in Korea.

Statistics for Q2


The countries which most actively send spam are the same as before, although their percentages have changed slightly: China is down by 1.2%, the US is down by 0.9%, and South Korea’s percentage is lower by 3%.

The distribution of sources of spam by country, Q2 2013

The majority of spam emails are still very small, weighing in at under 1Kb. Over the second quarter there were 4.8% more of these small emails, and they made up 73.8% of all spam mails.
The amount of malicious attachments in the second quarter was 1% lower than in the first, coming to 2.3% of all mail traffic. Among the threats spread by email, the most prevalent families are those designed to steal data to access user accounts (usernames and passwords), particularly for online banking services.

The percentage of phishing emails in total mail traffic during the second quarter this year fell by 0.0016% and came to 0.0024%.

There were few changes in the range of organizations targeted by phishing attacks in the second quarter. The number of attacks launched against social networks fell by 3.3%, and the percentage of attacks against financial organizations increased by 1.2%, pushing that category into second place in the ratings.

More and more often these days, phishers are reluctant to rely solely on the human factor and are less willing to wait for users to enter their own data. Instead, malicious users are now sending out malicious emails seeded with Trojans that steal usernames and passwords, including for online banking accounts.

Malicious attachments aren’t only found in emails masquerading as forms for Facebook and other popular online resources — they can also be found in emails disguised as official bank messages.

“Recently, spammers have begun sending out emails with malicious attachments designed to look like automatic delivery failure notifications sent out by servers. Another common trick is to make malicious emails look like notifications from well-known online resources, and include links to malicious websites. The large amount of spyware in malicious spam attachments shows a regrettable trend – malicious users are persistently hunting for personal data, usernames and passwords, including those for online banking and payment systems. Kaspersky Lab recommends that users continue to exercise caution — even when dealing with emails that appear to be legitimate.” said Darya Gudkova, Head of Content Analysis & Research, Kaspersky Lab.

To read the full version of Q2 2013 Spam report visit securelist.com

Useful links


 

© 1997 – 2014 Kaspersky Lab

All Rights Reserved. Industry-leading Antivirus Software