Spam and phishing reports

Spam Report: December 2007

  • Quantity of spam messages in mail traffic remained high.
  • Abundance of festive season goods and services offered by spammers.
  • Spammers made active use of free hosting to advertise their goods and services.

Spam in mail traffic

The share of spam in mail traffic averaged 84.9% in December 2007. A low of 69.4% was recorded on 10th December, and a high of 96.5% occurred on 23d December.

Compared to the previous month, the overall quantity of spam declined in December, but still remained relatively high. This level of spam is typical for the end of the year and January will most likely bring a slight decrease.

The peaks on the graph fall on weekends. However, this does not signify an increase in the quantity of spam on these particular days, but most probably reflects a reduction in legitimate business correspondence at weekends, while spam continues to reach mail boxes.

Spam by category

The leading spam categories in December 2007 were:

  1. Medications, health-related goods and services (35.7%).
  2. Travel and tourism (10.7%).
  3. Computer fraud (7%).
  4. Computers and the Internet (6.1%).
  5. Adult spam (5.5%).

The medications, health-related goods and services category once again leads by a large margin. Its percentage of all spam in December came to 35.7%.

Second place goes to the Travel and tourism category, which is quite natural in December with spammers taking advantage in the run up to the holiday season. The Education category, which was second in November, has dropped out of the top five altogether. “Educational” spam is traditionally active at the beginning of the school year (September – October), but by December it is not as prevalent.

The category Computers and the Internet – advertising for and by spammers – remained constant at the same percentage level as the previous month. However, it has dropped one position and now trails the Computer fraud category. The latter, considering the current level of spam criminalization, is almost always among the top five spam categories with a level of 7%.

December brought about an unexpected rise in the quantity of adult spam advertising pornographic products and online dating sites. Spammers may have considered this theme to be more relevant for the festive season.

Predictably, in December there were a multitude of spam messages offering all sorts of presents. Spammers also advertised organized parties, holidays and numerous other Christmas and New Year-related items.

Spammer methods and tricks

For spammers the holiday season was an excuse to try out some new ways of promoting their commodities and services. For example, Internet users were offered the opportunity of not just “improving their financial status working only 2-3 hours a day” but to “earn good money for presents” or to “see in the New Year in style”. Every commodity turned into a “nice Christmas present”, while the range of unusual presents also multiplied – from personal distilleries to mini-saunas.

On the whole, the run up to the holiday period saw spammers opting to perfect their tried and trusted methods, rather than inventing new ones. The Internet was awash with spam messages that contained links to free web-hosting sites where the spammers had created numerous identical sites. In particular, these messages include a small advertising fragment (so the recipient understands what is being advertised) with corrupted text and a fragment with a random piece of text. Spam filters subsequently have difficulties detecting these types of messages because both their text and URL are unique.

And once again spammers tried to dupe the users of the Mail.ru portal. But this time they decided to make use of mobile phones.


The security service of Mail.ru would like to inform you that your mail account has been the subject of an attempted hack, or else you have repeatedly tried to log in using an incorrect password. We make every effort to assist with any problems our users may have. If you did not attempt to log in to your account using an incorrect password, then block the hacker attack on your account as quickly as possible by performing the following actions:

1) Find a mobile telephone that supports SMS messaging.

2) Send a free message with the code {xxxx} to the number {xxxx}.

This number is unique and has been reserved especially for you. It will be active for 10 minutes from the time you read this message.

After 10 minutes this number will be deleted and you will no longer be able to protect your account, including against hacker attacks.

Yours sincerely, Roman.

Security Department

Mail.Ru


The spammers did not explain how an SMS-message sent by the victim could protect against hackers or how the time would be tracked after the user read the message. They must have banked on a frightened, unsuspecting, or careless user immediately sending an SMS-message as soon as they read the letter. Of course, the victim is merely transferring some of their mobile telephone account funds to the spammer.

On that note, we strongly recommend that all users be more careful and avoid falling for the various spammer tricks out there.

Spam Report: December 2007

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2024

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

Subscribe to our weekly e-mails

The hottest research right in your inbox