Spam in May: an education in fake notifications
30 Jun 2014
The percentage of spam in email traffic in May averaged 69.8% – 1.3 percentage points less than the previous month. May saw numerous mass mailings for schools and colleges offering distance learning. Other spam mailings were more straightforward, simply inviting users to buy a qualification. All that was required was a donation to a church that would then officially award an honorary doctorate to the benefactor.
There were also many offers to help struggling graduates repay their student loans. The messages urged recipients to follow a link to a site where they would find adverts for organizations that recruit volunteers and staff for non-profit institutions. In the US it is possible to enroll in state programs that offer credits to people who perform some kind of service for their community, and these credits can offset student loans. However, the mailings came from unknown senders that regularly change their email addresses, and not from an official source. The links in the messages went to newly created websites that prompted users to submit personal data.
In May, scammers sent out fake notifications on behalf of the popular iTunes Store. The recipients were informed about the alleged purchase of an application; the email even specified the name of the product and the price. The attached file, which was supposedly the invoice, in fact contained Trojan-Banker.Win32.Shiotob.f. This family of Trojans steals passwords stored in FTP clients and monitors browser traffic to intercept login details.
Email search sites (32.2%) topped the rating of organizations most frequently targeted by phishers this month. Second came social networks (23.9%), headed by Facebook. Financial and payment organizations were in third place with 12.8% (+0.2 percentage points) followed by online stores (12.1%) whose share also grew 0.2 percentage points from April.
The UK was the country with the highest proportion of email antivirus detections with 13.5%. The US (9.9%) dropped to second, while Germany (8.2%) remained in third. With regard to malicious attachments, five out of the 10 most popular malicious programs spread by email were representatives of the Bublik family. Their main functionality is the unauthorized download and installation of new versions of malware onto victim computers.
“Spammers are constantly thinking up new tricks or turning to old favorites to catch out their victims. It’s not just about advertising: this month we came across a number of mass mailings imitating official notifications from various services and companies. The attachments in these emails contained malware from the Andromeda family. This family consists of backdoors that allow attackers to silently control infected computers, which often become part of a botnet. If you don’t want to worry about these sorts of things, we recommend installing an Internet Security class protection solution,” commented Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab.
The full version of the spam report for May 2014 is available at securelist.com.