Spam report: July 2010

Recent trends

• The amount of spam in email traffic decreased by 2.1 percentage points compared to June’s figure and averaged 82.9%.
• Links to phishing sites were found in 0.03% of all emails, an increase of 0.01 percentage points compared with the previous month.
• Malicious files were found in 3.19% of all emails, an increase of 0.51 percentage points compared with the previous month.
• Facebook usurped eBay’s 2nd place ranking in the list of organizations most often attacked by phishers.

Spam in mail traffic

The amount of spam detected in mail traffic averaged 82.9% in July 2010. A low of 77.9% was recorded on 20 July with a peak value of 90.1% being reached on 25 and 31 July.

Spam in mail traffic in July 2010

Sources of spam

Sources of spam

The USA and India maintained their leading positions as the most popular sources of spam: they distributed 1.5 times as much spam compared to June (17.2% and 9% respectively).

Chile, Mexico, Morocco and Portugal left the Top 20, having each distributed less than 1.3% of the total amount of spam.

There are two ‘newcomers’ in July’s Top 20: Hong Kong entered in 17th place, having distributed 1.8% of the total spam volume and Taiwan entered at 19th place with 1.3%.

China and Ukraine reentered the Top 20, occupying 11th and 15th positions respectively.

The most noticeable change in July’s rating was that the UK, Germany and Italy all made it into the Top 10. The total volume of spam originating from their combined territories increased by 50 percentage points compared with the previous month.

Phishing

Organizations targeted by phishing attacks in July 2010

Facebook took over eBay’s position at No.2 in the rating – this popular social network was attacked more than three times as often than in June.

In the above email, fraudsters used an interesting strategy in order to persuade Facebook users to visit a phishing site and enter their credentials. This time the cybercriminals swapped their traditional threat to block a user’s account, for an ‘offer of friendship’ from someone purporting to have information about a user that was attacked.

In July, Google left the list of the Top 5 most popular phishing targets; the number of attacks on its users having decreased by 1 percentage point. At the same time, these attacks became more creative. For example, one phishing attack imitated a link to the Google Accounts FAQ page.

Malware in mail traffic

In July, the Top 10 list of countries from which malware was distributed via email looked like this:

Malicious programs in email traffic in June 2010

July’s Top 10 welcomed back malicious programs working on the Win32 platform. Such programs account for the majority of malware distributed via email this month.

Mass attacks in HTML format that contain Pegel and imitate notifications from social networks are seemingly a thing of the past – this script downloader has disappeared from the Top 10 completely.

In July, the majority of malware in the Top 10 were Trojans belonging to the Oficla family. The total share of these Trojans averaged 14.73%. Programs from this family install malicious software on a user’s computer. Additionally, some variants of this program have downloader functionality. For example, the Oficla.j variant obtains a list of URLs for downloading files from: hxxp://**********.ru/images/bb.php?v=200&id=786175732&b=b_33_s&tm=2.

Interestingly, July’s rating saw the comeback of two variants of Zbot, a program designed to steal users’ confidential data.

In July, the spammers’ distribution methods were not at all new, with imitation e-cards and bank notifications remaining among their most popular tricks.

The list of countries from which users most often received malicious programs distributed via email saw several changes compared to June:

Countries from which users most often received malicious programs distributed via email

Last month’s leader, Japan, dropped to 2nd place, leaving the USA to fill the vacant slot. Japanese users received half as many emails with malicious attachments in July compared with the previous month.

India and Vietnam replaced Australia and Italy in the rating. The amount of spam with malicious attachments received from these two countries increased considerably, while the number of malicious emails originating from Australia and Italy decreased by 50 percentage points, which resulted in them dropping out of the Top 10.

Spam by category

In July, the total share of three of the most popular spam categories exceeded 80%: Medications and Health-Related Goods and Services (45%), Computer Fraud (20%) and Fake Designer Goods (17%).

Though the share of the Computer Fraud category decreased by 50 percentage points, it remained considerable. Traditional Nigerian letters, which make up the majority of this category, are still very popular with spammers. The most interesting of July’s Nigerian letters contained a warning about Nigerian fraudsters:

The amount of messages in the Personal Finance category doubled, accounting for 6% of all English-language emails.

In July, English-language spam mostly included messages advertising different address and software databases for bulk mailing.

Conclusion

The themes exploited by spammers in July were not particularly seasonal in character. Half of the English-language spam offered the recipients Viagra. The amount of emails containing malicious attachments increased, so we would like to remind users about the importance of regular antivirus database updates.

As autumn approaches, we forecast an increase in seasonal offers such as school supplies and Halloween costumes. Consequently the amount of medical-related spam and emails containing malicious attachments will drop.