Spam Report: January 2008

Spam in mail traffic

The average percentage of spam in mail traffic amounted to 86.4% in January 2008. The monthly low for spam was recorded on 28 January and amounted to just 73.1%, while the monthly high was recorded at 97.3% on the first day of the year.

Spam in January 2008

The total amount of spam in mail traffic has fallen since December 2007. However, there was significantly less business correspondence during the New Year holidays, resulting in the increase in the percentage of spam over the holidays.

Spam by category

The top spam categories in January 2008:

1. Medications, health-related goods and services (48.1%).
2. Education (9.3%).
3. Adult content spam (5.2%).
4. Travel and tourism (4.7%).
5. Electronic advertising services (4.2%).

Spam on the Russian Internet, January 2008

January figures for the Medications, health-related goods and services category increased considerably from December 2007, causing this category to retain the leading position. The Travel and tourism and Computer fraud categories both slipped down the table, giving way to spam from the Education category. This movement was triggered by the end of the New Year holidays as businesses returned to work. Russian-language spam saw an increase in the number of advertisements offering counterfeit diplomas and school essays, as well as crib sheets for students who aren’t prepared to earn their grades on their own. Advertising of university diplomas was especially popular just before schools opened their doors for the winter semester.

Even though the Travel and tourism category experienced a decline, it is still in the top four categories, and may still move up towards first place in the run-up to St. Valentine’s Day. Offers of services and gifts related to this holiday became widespread following the Christmas and New Year’s rush. Lovers are offered a number of the most romantic ways to celebrate the holiday with their better half:

Technical tricks

The New Year started with the emergence of new methods used to send spam.

Previously, spammers have used random characters in the text of their emails to circumvent spam filters, making the messages almost impossible to read. Now, however, spammers have started to pepper their emails with HTML tags.

As the example shows, the tags do not affect the appearance of the message. These tags have nothing to do with the content, and although they can be detected by a spam filter, but a mail client will not process them when displaying the message.

In January, spammers made multiple attempts to lure users to a Trojan-infected website by sending fake messages allegedly from the administration of Mail.ru. Users received an image branded with a familiar logo. These messages were followed by messages containing a link obfuscated with an unintelligible combination of letters. In order to fool users into going to such sites, spammers then resorted to using blogs on the Mail.ru portal.

In the message above, allegedly from Mail.ru administrators, the first link reads ‘Click here – only for women!’ This link takes the user to a blog displaying advertising text and an URL to a spammer website. All the other links in the email (offering a web interface with an html editor, a spell-checker, support for mail clients etc.) are genuine. The blog used by the spammer did not last long – it was taken down on the same day it appeared.

Another spammer technique typically used in advertisements for companies and small businesses (cafes, furniture factories, suppliers of construction materials) works in the following way: as a rule, customers ordering mass mailings have their own “corporate” website. Spammers include the URL of this website in their email, but they falsify the link, redirecting users to a website for free hosting services. On this website (many such sites have been deliberately created) the user will either find information on how to contact the company, or a redirect pointing to the company’s real website. This tactic is designed to hinder detection by spam filters by constantly changing the URL in the HTML code.

Monthly update

• The percentage of spam in all email traffic has increased to 86.4%.
• Infected emails (i.e. messages with attachments containing malicious programs, or messages contained links to infected web sites) made up 1.13% of all mail traffic.
• Phishing emails amounted to 0.98% of all email traffic.
• January saw spam containing HTML tags which readers do not see.
• Mail.ru’s blog service was actively used by spammers.