Analysis of spam developments in Q2 2014 by Kaspersky Lab experts revealed a growth in unsolicited correspondence and new cybercrime tricks. The percentage of spam in all email traffic during the second quarter of the year came to 68.6%, up 2.2 percentage points from the previous quarter. The US tops the rating of the most popular spam sources, accounting for 13.4% of junk mail sent worldwide. Russia came second, accounting for 6% of world spam, followed by Vietnam in third place (5%).
In the first quarter of 2014, the Sochi Winter Olympics were the most popular sporting theme for spammers; in Q2 they switched their attention to the FIFA World Cup in Brazil. This theme was actively exploited not only for advertising; Kaspersky Lab registered malicious or just fraudulent football-related phishing emails. In Q2 2014, we saw a new wave of spam advertising offers to buy stock in small companies. This was part of a well-known form of stock fraud called ‘pump and dump’ – spammers buy shares in small companies, artificially inflate the prices by spreading information that they will significantly increase in value in the near future and then sell the shares at a higher price.
The changes in the list of most widespread malicious attachments reflect the growing interest among cybercriminals in users’ money. The HTML phishing website where a user is asked to enter his personal data and which is then forwarded to cybercriminals maintains its leading position. However, second place is now occupied by a banking Trojan primarily targeting the online customers of Brazilian and Portuguese banks. Noticeably, the Top 10 malicious programs most frequently used in email included four representatives of the Bublik family which often download the notorious ZeuS/Zbot (also designed to steal banking data) to users’ computers.
Spammers targeting brands
Cybercriminals often mask spam with malicious attachments in emails from well-known organizations – delivery services, stores, social networks. In Q2, the Starbucks chain of coffee house became their most popular target.
The message claimed that one of the recipient’s friends, who requested anonymity, had allegedly made an order for him at Starbucks. To view the menu, find out the address and the exact time that the order was available, the recipient had to open the attachment, an executable file that the cybercriminals hadn’t even bothered to mask.
“It is clear that scammers have begun to use every opportunity to intercept the most valuable user data – credentials to access online banking systems and payment information. More than half of the most popular attachments in spam now contain Trojans whose goal is to steal users’ money. The proportion of such messages may seem insignificant, but in absolute figures it is millions of malicious emails and the only reliable protection against them is an effective Internet security class solution,” commented Darya Gudkova, Head of Content Analysis & Research at Kaspersky Lab.
The full version of the spam report for Q2 2014 is available at Securelist.
Cyberthreat real-time map