Spam in July: banking Trojans dominate malware in email traffic

22 Aug 2013
Press Releases, Spam News

  • Proportion of spam in total email traffic in July – 71.2%
  • Malicious attachments in email – 2.2%
  • Top 3 sources of spam – China (23.4%), US (18%), South Korea (14.9%).

The results of spam monitoring in July point to a lack of variety among malware targets — nearly every malicious program was after personal user data. Most cases involved malicious programs from banking Trojan families that use personal data to access online banking services. The notorious Zbot/ZeuS spyware program alone accounted for 23% of all malicious attachments and targeted online banking service users logging in on a Windows system or using an Android mobile device.

More often than not, malicious users use fake emails seeded with the Zbot Trojan that are designed to look like an official notification from banks, online stores, social networks, or popular delivery services. Fake messages using the Bank of America name were particularly popular with scammers in July.

The malware intercepts browser requests to the bank’s website, and instead suggests that the user fill out various and sundry “additional information” in order to “ensure security”. But instead of successfully logging in, the banking Trojan obtains unauthorized access to the user’s money. The variations of this Trojan targeting the Android operating system now allow malicious users to intercept transaction confirmation codes that banks typically send to users (by text message, for example), and then reroute these codes to themselves.

July also saw a new entry in the Top 20 email threats. SMS-Flooder.AndroidOS.Didat.a, which targets the mobile Android operating system, ranked 15th and set a new record for this class of program. Its functions allow it to orchestrate and send mass text messages.

Commenting on spam developments in July 2013, Darya Gudkova, Head of Kaspersky Lab’s Content Analysis Department, said: “Malicious users targeting Android devices are showing no signs of taking a summer break. The appearance of this new threat in the Top 20 spam ratings confirms our expectations – the steady growth of Android users will inevitably lead to an increase in the number and variety of these types of threats. These programs capable of sending out text messages will no doubt soon be joined by Trojans that steal confidential data.”

Naturally, major world events also figured in July’s spam mailings. The birth of the heir to the British throne, the trials and tribulations of whistleblower Edward Snowden, the removal of Egypt’s President Morsi — all of these events were exploited to attract attention to spam advertisements for various goods or so-called Nigerian scam emails that attempt to extract money from gullible recipients.

Find out more about the developments in spam in July 2013 in the full report, available at

Useful links:

Spam in Q2 2013

Spam in June 2013

Spam in May 2013

© 2016 AO Kaspersky Lab.

All Rights Reserved.