Spam in Q3 2013: spike in malicious spam targeting user data
07 Nov 2013
The percentage of spam in total email traffic during the third quarter of the year came to 68.3%, down 2.4 percentage points from the second quarter. Meanwhile, the proportion of malicious spam grew more than 1.5 times. The majority of malicious programs distributed via email targeted user logins, passwords and confidential financial information.
Compared to the previous quarter, Q3 2013 saw the level of phishing emails increase threefold. Trojan-Spy.HTML.Fraud.gen topped the rating of the most popular malicious programs spread by email. This malware is designed to look like an HTML page used as a registration form for online banking services and is used by phishers to steal financial information.
The third quarter of 2013 was full of newsworthy events which grabbed public attention, such as the birth of the royal baby in the UK, the FBI hunt for Edward Snowden and the railway accident in Spain. All this news was used by fraudsters to distribute malware. The links contained in these emails led to compromised websites which redirected users to a page with one of the most popular exploit kits – Blackhole. In October, the author of Blackhole, known as Paunch, was arrested in Russia. What this will mean for the future of the kit remains unclear, but Kaspersky Lab experts suggest it could lead to a drop in the number of malicious "news" mailings.
"In the third quarter we came across a very interesting mass mailing where the fraudsters imitated a reply from the technical support service of a large antivirus company. The email informed the user that a file which he had allegedly sent for analysis turned out to be malware. The ‘technical support engineer’ attached a 'signature', advising that it would disinfect the computer. However, if users opened the attachment, they would find a malicious program detected by Kaspersky Anti-Virus as Email-Worm.Win32.NetSky.q.," commented Darya Gudkova, Head of Content Analysis & Research at Kaspersky Lab.
There was little change in the leading spam sources by country in Q3. The location of botnets appears to be relatively stable, or at least there is a lull in the active relocation of botnets. Asia remained the number one regional source of spam (56.51%). It was followed by North America (20.09%) and Western Europe (13.47%).
The full version of the spam report for Q3 2013 is available at securelist.com.