Spam and phishing reports

Spam Report: August 2008

Monthly update

  • The percentage of spam in mail traffic increased 1.4% from July and amounted to an average of 80.3%.
  • Malicious files were attached to 0.7% of all emails.
  • Links to phishing sites were found in 0.64% of all emails.
  • Graphical spam amounted to 9%.
  • Links related to the Olympic Games in Beijing and the conflict in South Ossetia were used for fraudulent purposes.
  • HTML tags were commonly used to conceal links.

Spam in mail traffic

The percentage of spam in all email traffic in August averaged 80.3%. The lowest percentage of 69.8% was recorded on 12 August, while the highest percentage of the month was recorded on 20 August at 90.5%. The percentage of graphical spam remained unchanged from the previous month (9%).

новое окно 

Percentage of spam in August 2008


The last summer month of the year saw a slight increase in the number of emails with phishing links (0.64% of all emails, or a rise of 0.06% from July). The financial organizations most frequently attacked by phishers in August are shown below.

новое окно 

Organizations targeted by phishing attacks

Remarkably, this month Associated Bank was subjected to two attacks by
Rock Phish using fast-flux technology (dynamic IP re-registration). During the first attack on 16–17 August, a total of 524 unique phishing links were used. During the second attack, which began on 30 August, 541 unique links were used.

Malicious mailings

During the summer months — a period when demand for goods and services wanes — spammers keep themselves busy by sending out malicious emails. Furthermore, while most emails in July contained links to infected pages, emails in August had a higher incidence of malicious attachments. The percentage of emails containing malicious attachments increased from 0.27% in July to 0.7% in August.

Russian spammers carried out a mailing with the intriguing subject line: “What exactly is this document on your website?” The left section of the link included the domain name of a well-known, legitimate website. However, the mysterious “document” was actually located on a tk-zone domain, which was clear if the recipient looked closely at the link. An attempt to download the “document” on to the user’s computer actually downloaded a Trojan downloader disguised as a .doc file.

Ну и что это за документ у Вас на сайте?

да еще с Вашим именем{site}.tk/hr.doc
C Уважением Семен.

What exactly is this document on your website?

And with your name in it!{site}.tk/hr.doc
Sincerely, Simon.

A rather aggressive approach was used to spread infected files in a mailing sent in broken English. The letter essentially told the recipient that their child had been kidnapped and that the abductors wanted a large ransom in exchange for the child. The email included an attachment: a “photo of the kidnapping victim”. But the file in the attachment actually contained Trojan-Downloader.Win32.Delf.bfc.

We have hijacked your baby
Hey We have hijacked your baby but you must pay once to us $50 000. The details we will send later…
We has attached photo of your fume

Spam by category

новое окно 

Breakdown of spam categories on the Russian internet in August 2008

The top five spam categories in August:

  1. Medications and health-related goods and services (22.4 %).
  2. Adult content spam (17.6 %).
  3. Education (8.6%).
  4. Fake designer goods (7.2%).
  5. Travel and tourism (6.6%).

The Medications and health-related goods and services category is still in first place.

After starting to climb in May, the Adult content spam category continued to move up and reached second place in August — mostly thanks to Russian-language mailings.

The Travel and tourism category fell to fifth place in August due to the end of the holiday season and lower demand for services in this area.

The start of a new school year meant more mailings related to education, moving the Education spam category up to third place this month.

These categories have remained in the top five throughout the summer months.

Spammer methods and tricks

Last month, an original new tactic was used to bypass spam filters where numbers were “drawn” in a table so that filters would not be able to block an email containing a specific telephone number. Some of the cells in the table were colored in to portray the image of a telephone number.

In August, this trick popped up again, but a simpler approach was used: an advertisement for Viagra named the product in a table, where each letter of the product name took up one separate cell. Links were also formatted in the same way. The spammers using this method assumed that their recipients would manually enter the links.


V I A G R=/strong> A

W WW  .  SITE.  C  OM


Below is an example of how those trying to dodge spam filters can render an email completely unreadable: the text below is comprised of grey numerals.


For the first time in several years, we observed a seasonal (summertime) drop in the percentage of spam in mail traffic. In August, the number of unwanted correspondence increased, but it did not reach the numbers recorded in the spring. We can expect that the percentage of spam in mail will return to its usual level in autumn and continue to grow.

The percentage of emails containing phishing links and malicious attachments also increased. This is likely due to lowered advertiser interest in using spam for promotional purposes and the summer decrease in demand for goods and services. The wave of fraudulent and malicious emails should serve as a reminder to use the internet with caution.

Spam Report: August 2008

Your email address will not be published. Required fields are marked *



APT trends report Q1 2024

The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox