October spam: Santa, scams and sorcery

21 Nov 2013
Spam News

October saw spammers exploiting the themes of upcoming holidays, the names of well-known telecommunication service providers and the conflict in Syria. There were also offers of magical services – love spells and incantations. Meanwhile, a rise of 6.6 percentage points in unsolicited and malicious emails took spam’s share of global email traffic to 72.5% for October.

Trojan Fraud remained the most popular malicious program spread via email. This Trojan imitates a phishing HTML page and is distributed via email. It mimics notifications from major commercial banks, e-stores and various other online services. Once users land on the site, they are prompted to enter their credentials – which are immediately forwarded to the fraudsters, jeopardizing the victims’ confidential information.

Trojan Fareit, a malicious program designed to steal logins and passwords from compromised computers, came second in October’s rating. Bagle regained third place. Like most mail worms it self-proliferates to addresses in the victim’s address book. It can also download other malicious programs onto a computer without the user’s knowledge.

In order to spread malicious programs, fraudsters are increasingly using the names of well-known telecoms companies. In September, they used the name of the UK’s BT Group to distribute the Trojan downloader Dofoil. In October, they targeted Canada's national telecom operator Telus Mobility. An attached ZIP archive contained Trojan Zbot, a malicious program designed to steal users’ banking information. The fraudsters use rootkit technologies which allow them to successfully hide their executable files and processes from the system (but not from antivirus programs).

Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab, commented: “In most cases, spam mass mailings with malicious attachments target the confidential data of users. The fraudsters are looking for new ways to trick users and are actively expanding their list of high-profile company names for use in scams. Users should be very careful with any email containing executable .exe attachments or ZIP archives. The contents of the email should also be taken into consideration. Whenever you are asked to open an attachment, you should be very careful, and at the very least scan the attachment with the help of an antivirus program.”

In October, Kaspersky Lab also registered spam mailings offering some rather unusual services – love spells and incantations. But while the wizards of black and white magic were imaginative, the makers of Santa-shaped USB sticks and similar festive season goods seemed to have run out of ideas: spammers are mostly using the same designs as last year, having changed only the address in the ‘From’ field and added links to newly created redirection sites.

The dire situation in Syria is being actively exploited by spammers to spread "Nigerian letter" scams. In October, we continued to register new examples of fraudulent emails. For example, there was a mass mailing purporting to come from a female member of the “peacekeeping mission” in Syria who was hoping to form a serious relationship with the recipient of the email. On the face of it, a seemingly innocent attempt to make friends, but once the scammers gained the victim’s confidence, the "pen pal" immediately hit a problem which only a money transfer from their new friend could solve.

Asia (56.4%) remained the leading regional spam source in October despite a slight drop (-2.4 percentage points) in spammer activity. North America came second after distributing 19% of global spam. Meanwhile, Eastern Europe’s share went up 3.8 percentage points, averaging 16%, and placing the region third in the rating.

The full version of the spam report for October 2013 is available at securelist.com.

© 1997 – 2014 Kaspersky Lab ZAO

All Rights Reserved. Industry-leading Antivirus Software