Recent trends
- The amount of spam in email traffic decreased by 0.6% when compared to September’s figure, averaging 85.7% for October.
- Links to phishing sites were found in 0.9% of all emails, an increase of 0.1% when compared to September.
- Malicious files were found in almost 2% of all emails, an increase of 0.7% when compared with the previous month.
- Halloween and Christmas themes were actively exploited by spammers.
Spam in mail traffic
The amount of spam detected in email traffic averaged 85.7% in October 2009. A low of 81.2% was recorded on 3 October with a peak value of 89.7% being reached on 18 October.
Spam in mail traffic during October 2009
Malicious attachments in spam
Malicious files were found in 2% of all emails, an increase of 0.7% when compared with the previous month.
Malware found in spam messages during October 2009
Looking at this month’s Top 10 malicious programs, the clear leader is once again the FraudTool Trojan family. Samples of this family were found in 27% of all the malware detected during the month. As the name suggests, the Trojan installs a rogue antivirus program on the user’s computer.
A lot of malicious programs were packed with the help of Krap. The malware Top 10 includes four packers belonging to this family: Packed.Win32.Krap.ah, Packed.Win32.Krap.ad, Packed.Win32.Krap.w and Packed.Win32.Krap.x. These are usually utilized for packing Zbot and FraudTools. Krap.w and Krap.x are also used for packing Iksmas, while Packed.Win32.Krap.w packs Bredolab, which, like Zbot, has been in the Top 10 for the last ten months.
Of particular interest is a mailing in which the message included a file packed with the help of Packed.Win32.Krap.w. The mailing imitated a notification from Facebook informing the social network’s users that their password had been changed for security reasons and that the new password could be found in the attachment.
Notably, our old friend DHL-spam has caught up with the times and is now distributing files packed by Krap.
Phishing
Links to phishing sites were found in 0.9% of all emails. In October, the leading trio of most-attacked organizations remained unchanged.
This means that attacks on the American taxpayer continue to happen: IRS, the American Internal Revenue Service, is again in second position with nearly double the number of attacks (up 9%) during October. Fraudsters use this organization both for extorting personal data and for distributing Trojan-Spy.Win32.Zbot.
October saw mass phishing attacks that targeted British taxpayers. We wrote about this in our blog.
PayPal and eBay, both of which are especially popular with the fraudsters, can be found at first (up 1.6%) and third (down 3.4%) places respectively.
Organizations targeted by phishing attacks during October 2009
There were also phishing attacks targeting email users, although no specific email provider was mentioned in the messages. For example, one of the emails addressed the user as ‘Dear email user’, requested that the user send their password to confirm their registration data, and threatened that the user’s account would be blocked if they didn’t cooperate.
If a user provides their password they will increase the volume of spam because the phishers will then have the ‘keys’ to their account.
Sources of spam
In October, nearly one third of spam worldwide was distributed from the USA, although its contribution to the total amount of spam traffic decreased by 3.5% when compared to the previous month, averaging 29% for October. Brazil comes second with 5.6% (compared to September’s 6%). Russia moved up to third place, generating 5.2% of the total spam volume (up 1.4%). Vietnam (up 0.6% to 4.8%), India (up 0.9% to 4.4%), Korea (4.2%) and China (down 1.3% to 2.6%) occupied 4th, 5th, 6th and 8th places respectively, with Poland at 7th. The UK moved down from 9th to 12th position – the quantity of spam sent from the UK decreased by 0.3% when compared to September’s figure.
Spam by category
The most popular English-language spam categories were medicinal and health-related goods and services along with fake designer products. The No.1 spot is occupied by imitation designer-ware which appears in almost one third of all English-language spam. In order to promote their ‘almost-designer offers’, spammers have already started exploiting the Christmas theme by offering the user a chance to give themselves a nice Christmas present – a replica Swiss watch.
‘Medicinal’ spam accounted for one quarter of all English-language spam. Halloween became its trademark – for example, a site offering Viagra was decorated with pumpkins, the traditional symbol of this holiday.
In addition to Viagra-style ‘medication’, a lot of spam was dedicated to advertising various treatments for Swine Flu.
About one tenth of all spam traffic was devoted to advertising cheap software. This brings to mind a recent mass mailing that offered the user Kaspersky Anti-Virus 2010 at half the list price. We wrote about this here.
Halloween was once again actively exploited here:
October’s educational spam offered ‘instant’ Bachelor’s or Master’s degrees. We estimate that the share of this type of spam accounted for 11%.
Computer fraud performed with the assistance of spam emailing remains very popular (10% of all English-language spam). It includes phishing, emails persuading users to download malicious programs, Nigerian letters and messages containing notifications that the user has won a sum of money.
Computer fraudsters have introduced a new theme for spam messages – Windows 7. Generally these messages come with attention-grabbing headlines of a worrisome or purchase-related nature. In the first case, Microsoft’s innovative new product is labeled as harmful to a user’s computer either because it allegedly contains malware, or can harm the machine by some other means. In the second case, users are offered the chance to buy the new operating system at a quarter or even a tenth of its real cost. Any user that is tempted by such ‘hot news’ or by such a ‘hot price’ is running a huge risk because all of these emails are distributed with the sole purpose of phishing or spreading malware.
Other English-language spam themes
Many of October’s mass mailings were dedicated to Halloween. We wrote about the many types of spam relating to this holiday in our blog.
Spammers could not pass up the opportunity to cash in on the forthcoming 2010 FIFA World Cup. Offers of trips to South Africa to support the user’s favorite team have already appeared in many spam messages.
Spammer methods and tricks
In October, spammers distributed English-language emails which looked quite ordinary.
The secret lay in the HTML code which included random symbols and blocks of dashes in different quantities and locations throughout the email. This trick was used in order to make every email unique.
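Why this trick defeats exact-match filtering, and how a filter can look past it, is shown in the following added example (not code from this report or from any vendor's product). The sample messages are constructed, and the placement of the noise in HTML comments and visible text, the helper names and the 0.7 threshold are assumptions.

```python
import hashlib
import re
from html.parser import HTMLParser

class _VisibleText(HTMLParser):
    """Collects text nodes only; tags and HTML comments are discarded."""
    def __init__(self):
        super().__init__()
        self.parts = []
    def handle_data(self, data):
        self.parts.append(data)

def normalize(html_body):
    """Reduce an HTML body to the word sequence that survives the noise."""
    parser = _VisibleText()
    parser.feed(html_body)
    parser.close()
    text = " ".join(parser.parts).lower()
    text = re.sub(r"[-_=~*.]{3,}", " ", text)  # blocks of dashes and similar filler
    words = []
    for tok in text.split():
        tok = tok.strip(",.!?:;'\"()")
        if re.fullmatch(r"[a-z]{3,}", tok):  # drops mixed-symbol junk such as q7$z
            words.append(tok)
    return words

def shingles(words, k=3):
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def similarity(a, b):
    """Jaccard similarity of word 3-shingles after normalization."""
    sa, sb = shingles(normalize(a)), shingles(normalize(b))
    return len(sa & sb) / len(sa | sb) if sa and sb else 0.0

def exact_digest(html_body):
    return hashlib.sha256(html_body.encode("utf-8")).hexdigest()

def same_campaign(a, b, threshold=0.7):  # threshold is an assumed starting point
    return similarity(a, b) >= threshold

# Constructed samples: two variants of one mailing plus an unrelated message.
MSG_A = ("<html><body><p>Replica watches ------ at low prices</p><!-- k3#x9 -->"
         "<p>Order q7$z today and save ---- on every model</p></body></html>")
MSG_B = ("<html><body><p>Replica -------- watches at low prices</p>"
         "<p>Order today zz@41 and ----- save on every model</p><!-- 8w!p --></body></html>")
UNRELATED = ("<html><body><p>Your invoice for the hosting plan is attached, "
             "please review it before Friday</p></body></html>")
```

Noise made of purely alphabetic random words would survive this normalization and lower the score, which is why the comparison uses a threshold rather than equality.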
Conclusion
The appearance of Windows 7-related computer fraud is very much to be expected. Importantly, it is only just starting at the present time, but next month’s figures will undoubtedly see a very significant increase.
More and more spam exploiting the theme of Swine Flu will appear as a result of the growing number of incidences of the disease.
Christmas mass mailings are expected to appear very shortly. Considering the recent trend whereby the percentage of emails with malicious attachments has grown considerably, it is more than likely that these holiday-related mailings will contain ‘presents’ to the user in the form of malicious programs.
Spam evolution: October 2009