Spam and phishing reports

Spam report: July 2008

Table of Contents

Kaspersky Lab, a leading developer of secure content management solutions, presents its latest report on spam activity.

Spam in mail traffic averaged 78.9% in July 2008. A low of 66.2% was recorded on 16 July, while a high of 88.9% occurred on 11 July. The share of graphical spam was 9%.


 

Spam in mail traffic in July 2008

The number of spam messages containing malicious attachments and links to phishing sites fell considerably in July. Messages with links to phishing sites accounted for just 0.58% of all mail traffic – half the previous month’s figure – while 0.27% of messages contained malicious files. Spammers tried to make up for this shortfall in the second half of the month by mass mailing messages that contained links to infected web sites. The messages contained sensational news headlines designed to tempt users into clicking on the links. A number of mailings also invited the recipient to download free antivirus software, although the program actually turned out to be a Trojan-Downloader program.

The top five leading spam categories remained unchanged in July with medications, health-related goods and services (18%) in first place, followed by travel and tourism (14%), adult content spam (12%), education (8%), and fake designer goods (7%).


 

Spam by category

Naturally, the increasing popularity of social networking sites attracts spammers and hackers who use the sites for their own purposes. Although spammers haven’t yet exploited the existence of such sites when advertising everyday goods and services, the topic of social networking frequently accompanies links to malicious programs and offers of hacking and spamming software. For example, spammers offered users of the popular Russian social networking site Odnoklassniki.ru (the Russian equivalent of Classmates/ Friends Reunited) a utility that would automatically enter the user’s login and password when s/he accessed his/ her personal page. This “useful” tool actually turned out to be Trojan-PSW.Win32.SocNet.a. This malicious program does enter the login details automatically, but also forwards the user’s personal data to the remote malicious user’s site. Fake notifications about messages received from Odnoklassniki.ru, which contained a link to an infected site, were also circulating in mid-July. The last few days of July brought a mass mailing inviting the recipient to register on the Friends portal – the messages were allegedly sent by a user on that network. The link in the message didn’t work, but presumably it was designed with the same goal as the spam imitating messages from Odnoklassniki.ru. Once again this case highlights the potential threat to users of invitations or offers sent from unknown addresses.

Spam which is not related to social networks is mostly criminal spam. This category includes negative PR targeting a range of organizations and resources, links to malicious programs or infected sites, advertising for fake and counterfeit goods, and offers of criminal services and software which can be used for hacking and spamming activity. All of this points to the on-going criminalization of spam.

Spam report: July 2008

Your email address will not be published. Required fields are marked *

 

Reports

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

Subscribe to our weekly e-mails

The hottest research right in your inbox