June Spam Report: PayPal Bears the Brunt of Phishing Attacks

23 Jul 2010
Spam News

According to June’s spam report issued by Kaspersky Lab, PayPal is the unsurpassed leader when it comes to being targeted: in June, the number of attacks on this e-pay system rose by 20 percentage points compared to May’s figure. Facebook and HSBC swapped positions again, to become third and fourth place respectively, while the popular online game World of Warcraft also made it into the Top 10.

Three new countries – Brazil, Columbia and Spain – joined the ranks of the Top 5 prime distributors of spam. However, the USA and India maintained their leading positions in the rating. In general, Spanish- and Portuguese-speaking countries are widely represented in the Top 20 most active sources of spam.

Sources of spam

A new trend has shown up in malware contained in mail traffic – the number of malicious programs that work on the Win32 platform is decreasing, whilst conversely, the share of HTML is growing. The majority of malicious programs in June’s Top 10 were HTML pages written in JavaScript. This led to users being redirected to websites containing spam, along with a number of different exploits besides. We can be reasonably sure that the distribution of such bulk emails will continue for the immediate future.

Variants of one of the most dangerous rootkits currently in circulation, Trojan.Win32.TDSS, were also actively distributed via email in June, two of them taking fourth and seventh place in the Top 10. Variants of this program could be found in different links, although always in the form of an attachment packed in a zipped archive. In order to distribute them, fraudsters used one of their favorite themes – taxes.

This summer’s main event, the FIFA World Cup, certainly didn’t go unnoticed by the spammers. This theme was heavily exploited in a number of ways in the Medications and Health-Related Goods and Services and Computer Fraud categories.

The full version of the spam report for June 2010 is available at: www.securelist.com.