Spam and phishing in Q2: spam percentage stopped decreasing #Q2<\/p>Tweet<\/a><\/blockquote>\n In detail<\/strong><\/p>\n An earthquake in Nepal, the presidential election in Nigeria, and the Olympics in Rio de Janeiro were the primary topics of scam letters in Q2. Just like any event extensively covered in mass media, these attracted a lot of fraudsters, who have no scruples when it comes to\u00a0taking advantage of human tragedies like the Nepal earthquake.<\/p>\n These emails\u00a0are mostly written in such a bad English that it\u2019s hard to imagine anyone buys into it.<\/p>\n However, some amusing events also took place. One mass-mailed scam letter claimed that the newly elected President of Nigeria had arranged a $2,000,000 compensation for \u2013 pay attention! \u2013 \u201cthe countless fees that you have been sending to Nigeria which turns out to be scam\u201d (sic!).<\/p>\n The letter goes on: \u201cWe are deeply serious<\/em> (sic!) for what you have been through\u201d.<\/p>\n Sorry, seriously couldn\u2019t help posting this:<\/p>\n The next Olympic Games in Brazil will not be held until 2016, but Kaspersky Lab is already registering fraudulent notifications of lottery wins dedicated to this popular sporting event.<\/p>\n Interestingly, a large number of emails of this type were sent out in the run-up to the World Cup, while the Olympics were not mentioned.<\/p>\n The content of the messages is standard: the lottery was held by the official organization, the recipient\u2019s address was randomly selected out of millions of email addresses, to receive the winnings it is necessary to respond to the email and provide the specified personal information.<\/p>\n This personal information is then \u201cused appropriately\u201d by the cybercriminals.<\/p>\n SEO spam spike<\/strong><\/p>\n Yet another event exploited in spam in the second quarter of 2015 was the release of regular updates to the Google search algorithm. This changed the mobile web search results so that the sites adapted for mobile phones were displayed in top positions. And, of course, a significant increase in the amount of spam relating to SEO (search engine optimization) and promotion of sites took place. According to Securelist, spammers sent out offers advertising the creation of sites of any complexity and purpose, as well as services to attract new customers. They emphasized the necessity to bring the site up-to-date by using the latest features of a popular search engine. Those site owners who still had doubts were threatened with ending up in the last pages of Google search results and the resulting loss of potential customers.<\/p>\n Volume stats<\/strong><\/p>\n In comparison to Q1<\/a>, the long-observed decrease in the spam percentage in email traffic seems to have stopped. From April through June the percentage remained basically the same: 53.6% in April down to 53.2% in June. As soon as figures of Q3 are in, there will most likely be some increase due to the fact that it\u2019s the end of vacation period.<\/p>\n Malware<\/strong><\/p>\n Arguably, the primary problem with the spam, aside from clogging the bandwidth, is the malware and phishing attempts it carries along with it.<\/p>\n In Q2, the notorious Trojan-Spy.HTML.Fraud.gen topped the ratings. This program is a fake HTML page which is sent via email, imitating an important notification from a large commercial bank, an online store, a software developer, etc. In other words, something that is very likely to be clicked.<\/p>\n This threat appears as an HTML phishing website where a user has to enter his personal data, which is then forwarded to cybercriminals.<\/p>\n Second and third positions are occupied by Trojan-Downloader.HTML.Agent.aax and Trojan-Downloader.HTML.Meta.as. Both are HTML pages which, when opened by users redirects them to a rigged site. Once there, a victim is usually faced with a phishing page or is offered a download \u2013 Binbot, a binary option trading bot. The two malicious programs spread via email attachments and the only difference between them is the link which redirects users to rigged sites.<\/p>\n Outside the Top 3 reside more harmful things: a Banker ChePro (Trojan-Banker.Win32.ChePro.ink), a downloader for specifc Trojans designed to steal confidential financial information.<\/p>\n Trojan-PSW.Win32.Fareit.auqm. Fareit Trojans steal browser cookies and passwords from FTP clients and email programs and then sends the data to a remote server run by the fraudsters.<\/p>\n Also, there are a couple of Trojan downloaders from Upatre family, and Exploit.MSWord.CVE-2014-1761.k, a Word document containing an exploit which uses an appropriate vulnerability to download to the victim\u2019s computer other malicious programs designed to steal user personal data.<\/p>\n Upatre, by the way, also heads the Q2 rating of malware families.<\/p>\n The top 3 of those families also welcomes back ZeuS\/Zbot multipurpose malware, most often used to steal banking information. It is also known to install Cryptolocker.<\/p>\n Among other highlights of Q2 is the continued presence of macro viruses in spam emails \u2013 albeit the peak was in the previous quarter.<\/p>\n The distribution of letters containing non-typical ARJ archives made with 1990s software also continued. Spammers seem to have loved other non-conventional archives too: April\u2019s and May\u2019s spam traffic distributed attached archives withCAB and ACE extensions, which are not common with today\u2019s spam. The archives contained Trojan Trojan-Downloader.Win32.Cabby and HawkEye Keylogger. Unlike such popular spam extensions as ZIP and RAR, the CAB and ACE attachments may not always be recognized by users and thus cause less suspicion.<\/p>\n Phishing<\/strong><\/p>\n Securelist says in Q2 2015, the Anti-Phishing system was triggered 30,807,071 times on computers of Kaspersky Lab users. 509,905 masks of phishing URLs were added to the Kaspersky Lab databases over this period.<\/p>\n Anti-Phishing system was triggered 30,807,071 times on computers of Kaspersky Lab users. #protectmybiz<\/p>Tweet<\/a><\/blockquote>\n Primary targets of phishing<\/a> attempts were Global Internet portals \u2013 their share even increased by 2.78 percentage points from the previous quarter and accounted for 42.35%. Other categories, in turn, were attacked slightly less often. \u201cSocial networking sites\u201d lost 2.6 percentage points, \u201cBanks\u201d \u2013 5.56 percentage points, E-payment systems \u2013 2.84%.<\/p>\n![\"\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/08\/06020357\/q2_spam_eng_9-1024x714-1-1024x714.png\")
<\/a><\/p>\n
![\"\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/08\/06020356\/q2_spam_eng_20-1024x815-1-1024x815.png\")
<\/a><\/p>\n