Spam and phishing reports

Spam Evolution: October 2008

Spam in mail traffic

In October, the average percentage of spam in all mail traffic was 79.9%. The lowest percentage of 68.4% was recorded on 13 October, while the highest percentage was recorded on 21 October at 90.3%. The percentage of graphical spam remained unchanged from the previous month (9%).The percentage of emails containing malicious attachments doubled, amounting to an average 2.09% of all emails.



Percentage of spam on the Russian Internet in October 2008

Phishing

October saw an increase in the number of emails containing links to phishing sites (0.83% of all emails; a rise of 0.21% from September). PayPal (23.25%) and American Express (22.27%) were the e-pay systems most frequently targeted by phishers in October.


 


Organizations targeted by phishing attacks

12 attacks conducted by the RockPhish gang targeted a range of organizations in October.

Spam by category


 


Breakdown of spam categories on the Russian Internet in October 2008

Top five spam categories in October:

  1. Adult content spam – 22.6%
  2. Medications, health-related goods and services – 12.5%
  3. Education – 11.3%
  4. Travel and tourism – 9.5%
  5. Spammer services – 8.7%

The Fake designer goods category failed to make it into the top five categories in October. It was replaced by the Spammer services category which claimed fifth place. Perhaps the economic crisis has affected the number of orders that spammers have received, forcing them to advertise their services more actively. Perhaps not surprising, the current economic climate has led to a decline in the demand for fake designer goods.

The other four categories which make up the top five remain unchanged from the previous month.

Spam and the economic crisis

The elections in the USA were virtually ignored by Russian-language spammers; they chose instead to exploit the global economic crisis. Spammers offered a variety of services ranging from mass mailings to the manufacture of marketing give-aways, all allegedly designed to help recipients overcome their financial difficulties.

Intermingled with relatively innocuous offers were emails in which the authors appeared to be adding to the unrest caused by the current financial crisis: such messages contained advice on how to avoid financial losses.

Fraudulent spam

The economic conditions have encouraged spammers to increasingly resort to fraud. A large number of the fraudulent emails detected in October exhorted recipients to send SMS messages to a premium number. The spammers asserted out that the messages could be sent for free or quoted a cost per message that was 100 times less than the actual cost. Such messages were disguised as emails from Gmail and Mail.Ru administrators.

At the end of October, spammers sent out emails offering a range of prizes; the messages appeared to originate from Megafon and MTS, two major mobile providers. In order to claim a prize, the recipient of the message had to send an SMS message to a short number. The short numbers in the messages allegedly sent by Megafon and MTS were one and the same. Additionally, the companies’ official sites did not have any information about such promotions.

These types of scams are nothing new. But once again they demonstrate just how brazen spammers can be, and how carefully they monitor and imitate the promotional activities of large companies.

Attacks on social networking sites

As has become usual, social networking sites were used by phishers to gather information (mailings containing fake invitations to chat on line) and to extort money by getting users to send SMS messages.

Below is an example of an email used in an attempt to make a particular social networking site more popular:

Old Classmates have been Searching For You – Find Who!

With over 35 million people searches, find out if any of these searches are for you

– You could find old friend, family, and classmates today!

Find out who has been searching for you.

– 3.5 million people reconnected

Helping people keep in touch for life.

Links in these emails led to a range of sites which imitated the design of the original sites. Anyone who clicked on a link would then be redirected to the original, legitimate site during registration. A user who got several emails could end up registering on the site several times, thus making the site appear more popular. Different links disguised the fact that the original site was using spam to boost its rating.

Spammer tricks

A strange mass mailing was detected this month; the majority of recipients got messages that couldn’t be read. These messages contained obfuscated JavaScript that was supposed to redirect the user to a spammer site when the user opened the message. However, the redirection only took place if older versions of web browsers were being used. Overall, this trick wasn’t particularly successful, and left most recipients simply scratching their heads.

Conclusion

The global economic crisis has had a noticeable effect on spam content, on the social engineering tricks used by spammers and on the spam business itself. On one hand, spammers used crisis-related message subjects and played on the concern of the message recipients who are potential purchasers of goods and services. On the other hand, the companies behind the mass mailings are themselves are affected by the unfavorable economic conditions.

It was estimated that the summer drop in spammer activity would be followed by an upswing in the autumn. However, in October the share of spam in mail traffic fell slightly. This may have been caused by a decline in the number of orders received by “spam agencies”. Mass mailings advertizing spammer services seem to have been designed in an attempt to solve the spammers’ own economic problems. The further criminalization of spam was reflected in double the number of emails (in comparison to September) with malicious attachments. This too appears to be symptomatic of economic problems and was a move designed to sustain spammers’ income levels in difficult times.

  • The percentage of spam in mail traffic was down 2.3% from September and averaged 79.9%.
  • Malicious files were attached to 2.09% of all emails, double the figure for September.
  • Links to phishing sites were found in 0.83% of all emails.
  • Graphical spam amounted to 9%.
  • Adult content spam continued to lead the top five most popular spam categories.
  • Unsolicited emails containing adverts for various goods played on the global economic crisis and offered services which could allegedly help to reduce outgoings.
  • Spammers sent emails imitating administrative messages from popular social networking sites; these emails were designed to extort money from users by asking them to send an SMS to a premium number.
  • Spammers sent emails containing obfuscated JavaScript to enable the messages to evade spam filters.

Spam Evolution: October 2008

Your email address will not be published. Required fields are marked *

 

Reports

How to catch a wild triangle

How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.

Subscribe to our weekly e-mails

The hottest research right in your inbox