Kaspersky Lab announces the publication of its spam report for the second quarter of 2010. According to the report, one of the most significant events in the last quarter was an unprecedentedly large mass mailing that used HTML-based threats in the form of emails disguised as legitimate notifications from social networks.
An email was distributed that was made to look like a notification from social networks, email providers and popular websites such as Facebook, Twitter, Digg, Amazon, Windows Live, YouTube, Skype, and Wikipedia. These emails were very reminiscent of phishing attempts. However, if a user clicked on the link, they would be taken to a hacked site, from where a malicious script would then be downloaded.
A total of three Trojan downloaders were present in the Top 10 during the second quarter. Prior to the June attack, none of these email threats had ranked among the Top 10. This change clearly indicates a planned spam attack.
The USA went firmly into the lead this quarter with 15% of all spam emanating from there, while India remains a steady second place with 8.5%. Vietnam climbed two places to come in third in the chart. However, there was plenty of jockeying for position throughout the quarter. In April, the USA, India, and Vietnam were neck and neck with 12.3%, 11.7%, and 11.6% respectively, while in May, the USA unequivocally stepped into the lead with 20.8% of all spam.
Quite unexpectedly, Italy (3.3%) and Spain (2.8%) joined the Top 10 sources of spam. Last quarter, these countries were ranked a lowly 14th and 15th place respectively on the chart. Furthermore, the amount of unwanted correspondence originating in Latin America increased to 16.3% of the total spam content.
As Kaspersky Lab predicted some time ago, phishers are increasingly focusing their efforts on social and entertainment websites. In addition to PayPal, eBay, and HSBC, the other top phishing targets included Facebook with 6.03% and the Google email system with 2.84%.
View the full version of the Q2, 2010 spam report at Securelist.com.