
Spam evolution: June 2009

Spam in mail traffic

The amount of spam in mail traffic averaged 84% in June. A low of 78.3% was recorded on 12 June, while there was a high of 88.9% on 28 June.


Percentage of spam on the Russian Internet in June 2009

Malicious files were found in 0.31% of all emails – an increase of 0.28% compared to the previous month.

In order to get users to click on a malicious link, spammers exploited the themes of cheap medications and various solutions to financial difficulties. For example, an advert for a pawnshop contained a link to a site infected by Trojan-Downloader.JS.Iframe.azt.

The news about Michael Jackson’s death on 26 June was used to attract attention to messages that were designed to spread malicious code. Such messages promised to throw light on the mysterious death of the king of pop. Those interested in learning more were left disappointed, and their computers were exposed to potential infection. The email below contains a link to a web site; click on it, and it ultimately leads to an executable file which is a modification of Trojan-Spy.Win32.Zbot, a family of malicious programs designed to steal personal data.

Who killed Michael Jackson?
Michael Jackson Was Killed…

But Who Killed Michael Jackson?

Visit X-Files to see the answer:

http://MJackson.site/x-files

A similar mailing was sent in Italian. It offered users the chance to view sensational footage of the last few minutes of Michael Jackson’s life. An “adults only” warning was used as an additional lure. The link was similar to a YouTube link but also contained the name of the singer – youtubemichaelj. Instead of a video, an error message was displayed and the user was asked to download a codec in exe format in order to view the video. The codec was in fact Net-Worm.Win32.Kolab.cxa.
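A mail filter can flag both traits of this lure: a host name that embeds a brand name without belonging to the brand, and a link that ends in an executable. The sketch below is an added example, not code from the report; the brand allow-list, the extension list and the `.example` URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed allow-list: brand token -> registrable domains the brand really uses.
BRANDS = {
    "youtube": {"youtube.com"},
    "paypal": {"paypal.com"},
    "ebay": {"ebay.com"},
}
# Assumed list of extensions treated as directly executable on Windows.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif")


def registrable(host):
    """Return the last two labels of a host name.

    Simplification for the example: production code should consult the
    Public Suffix List so that suffixes such as co.uk are handled.
    """
    return ".".join(host.split(".")[-2:])


def assess_link(url):
    """Return a list of findings for one URL taken from a message body."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    for brand, domains in BRANDS.items():
        # Brand name appears in the host, but the host is not the brand's own.
        if brand in host and registrable(host) not in domains:
            findings.append(f"brand-lookalike:{brand}")
    # "Codec" lures end in a file the browser will offer to run.
    if parts.path.lower().endswith(EXECUTABLE_EXTENSIONS):
        findings.append("executable-download")
    return findings


# Constructed sample links (reserved .example names, not taken from the mailing).
SAMPLE_LINKS = [
    "http://youtubemichaelj.example/watch?v=1",
    "http://youtubemichaelj.example/codec/setup.exe",
    "http://youtube.com.example.net/video",
    "https://www.youtube.com/watch?v=abc",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, assess_link(link))
```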

Phishing and fraud

Links to phishing sites were found in 0.94% of all emails – an increase of 0.25% compared to May.

PayPal remains the most common phishing target. The number of attacks targeting PayPal users increased by 8% in June and made up more than 60% of all phishing attacks. As usual, second place is occupied by eBay with 9% – a decrease of 7% compared to May’s figure.

 
Organizations targeted by phishing attacks

The old methods are the most effective: phishers have been sending out messages which appear to come from banks. These messages ask the recipients to click on a link and enter their user name and password. The message was justified by the claim that several unsuccessful attempts to log onto the banking system had been made from the client’s IP address.

 

Spam by category

 
Breakdown of spam categories on the Russian Internet in June 2009

In June, the top five categories were:

  1. Medications, health-related goods and services — 21.1% (-11.3%)
  2. E-advertising services — 15.2% (-3.3%)
  3. Education — 14.3% (+6.4%)
  4. Real estate — 6.9% (+2.9%)
  5. Adult content spam — 6.3% (-0.6%)

As in May, the Medications, health-related goods and services category remained in first place, although its share decreased by 11%. Spammers used a minimal approach when promoting such products:

The share of the Other goods and services category increased considerably (+6.1%) in June and reached 11.7%. The recovery in small business advertising began in the first weeks of June. The majority of messages contained offers for household and domestic services and transport, all of which tend to be in demand during the holiday season.

Spammer methods and tricks

As already mentioned, this year has been notable for graphical spam promoting E-advertising services, or the spammers themselves. These ads often contain original slogans and graphics that are designed to grab the attention of potential new clients.

{Translation: Someone needs your goods or services! Order a mass mailing!}

{Translation: True loneliness is when you don’t even get spam. Mass mailings! from 4000 rub. Spam hosting from 2000 rub.}

This trend continued in June.

{Translation: Order two (mass mailings), get the third free.}

Spammers also began to send messages of a similar style targeting a narrower audience: health resort managers, seminar organizers, accountants and small business representatives.

In June spammers tried to hinder detection by spam filters by changing the contrast ratio, the brightness and the range of colours used in images. It should be noted that this method is only used in messages advertising spammer services, and not in messages promoting other services.
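Changing brightness or contrast alters every byte of an image, so an exact-match signature no longer fires, while a hash built from the ordering of neighbouring pixels is unaffected. The sketch below is an added example, not part of the report and not a description of any vendor's filter; the pixel grids are constructed and stand in for images already reduced to a small grayscale thumbnail.

```python
import hashlib


def dhash(pixels):
    """Difference hash: one bit per horizontally adjacent pixel pair."""
    return "".join(
        "1" if left > right else "0"
        for row in pixels
        for left, right in zip(row, row[1:])
    )


def exact_hash(pixels):
    """Byte-exact signature of the pixel data."""
    return hashlib.sha256(bytes(v for row in pixels for v in row)).hexdigest()


def adjust(pixels, contrast, brightness):
    """Apply a linear contrast/brightness change, clamped to 0..255."""
    return [
        [max(0, min(255, round(v * contrast + brightness))) for v in row]
        for row in pixels
    ]


def hamming(a, b):
    """Number of differing bits between two equal-length hash strings."""
    return sum(x != y for x, y in zip(a, b))


def same_template(a, b, max_distance=2):
    """Treat two images as the same template if their dhashes nearly match.

    max_distance is an assumed tolerance chosen for this example.
    """
    return hamming(dhash(a), dhash(b)) <= max_distance


# Constructed 5x4 grayscale grids.
ORIGINAL = [
    [20, 200, 40, 180, 60],
    [200, 30, 170, 50, 150],
    [90, 100, 110, 120, 130],
    [130, 120, 110, 100, 90],
]
UNRELATED = [
    [200, 20, 180, 40, 160],
    [30, 200, 50, 170, 60],
    [130, 120, 110, 100, 90],
    [90, 100, 110, 120, 130],
]
# The same picture re-sent with lower contrast and higher brightness.
VARIANT = adjust(ORIGINAL, contrast=0.8, brightness=30)

if __name__ == "__main__":
    print("exact match:", exact_hash(ORIGINAL) == exact_hash(VARIANT))
    print("same template:", same_template(ORIGINAL, VARIANT))
    print("unrelated:", same_template(ORIGINAL, UNRELATED))
```

The invariance holds only while the adjustment preserves the brightness order of neighbouring pixels; changes that clip to pure black or white, or that recolour individual regions, can flip bits, which is why a distance threshold is used instead of equality.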

Conclusion

June saw no significant changes in the ratio of spam to legitimate correspondence. The beginning of the summer affected the content of unsolicited mailings – the number of messages linked to education and real estate, as well as emails advertising goods and services provided by small businesses, has grown considerably. Of particular note is the fact that the number of messages containing malicious attachments increased in June this year, just as it did in June 2008. World news stories were used by spammers primarily to get users to open malicious attachments. Though there were relatively few innovations in terms of techniques used to spread spam, it’s difficult to say whether the spammers are taking a break for the summer or are getting ready for the new season.

  • The volume of spam in mail traffic decreased by 0.7% compared to May and averaged 84%.
  • Links to phishing sites were found in 0.94% of all emails – an increase of 0.25% compared to May.
  • Malicious files were found in 0.31% of emails – an increase of 0.28% compared to the previous month.
  • Michael Jackson’s name was used in order to attract recipients’ attention to messages containing malicious links.
