Spam Report: June 2007

Spam in mail traffic

The spam situation is currently stable. Spam accounts for 70% – 80% of all email traffic. The monthly low was recorded on June 6 at 69.9%, and the monthly high was 78.4% on June 29.

Most spam on the Russian Internet today is made up of English-language offers for medicine – mostly those meant to increase one’s virility – and Russian-language advertisements for training courses and seminars. European zones of the Internet are seeing more spam advertising medicine and cheap software, in addition to spam promoting certain stocks.

Spam by category

The top five categories of spam in June 2007:

  1. Medications and health related goods and services: 21.9% (+3.7%)
  2. Education: 13.2% (+2.6%)
  3. Computers and the Internet: 9.2% (-1.2%)
  4. Travel and tourism: 8.7% (no change)
  5. Computer fraud: 8.9% (+0.9%)

As we have seen in preceding months, most spam these days falls into the medications, health related goods and services category. In June this category grew somewhat. In addition to the typical English-language emails advertising Viagra and anti-depressants, user inboxes have also seen their fair share of Russian-language emails promoting health services. In June, the medications, health related goods and services category welcomed some Russian-language spam mailings promoting eye-massaging glasses, books about how to quit smoking, and gym memberships.

Roughly one-fifth of all unwanted correspondence (20.9%) falls into the other goods and services category. This category includes all spam advertising goods and services that do not fit into any other specific category. Traditionally, most of this category is represented by moving services, logistics and apartment renovation services. Summertime spam includes ads for air conditioners, which were especially conspicuous this June, and offers for anti-tick products.

Subject: A I R C O N D I T I O N E R S

A I R C O N D I T I O N E R S

*Summer Special*

We offer air conditioners for sale and installation from leading manufacturers:

– warranty from 1 to 3 years;
– installation of all kinds of air conditioners and any level of complexity;
– on-site consultations at 300 rubles (refunded when you make your purchase);
– free delivery in Moscow.

Tel.: (xxx) xxx-xx-xx (air conditioners)

Installation of window air conditioners

We offer professional installation services for window and portable air conditioners. All models, all kinds. Our expert is a top professional. Quick and high quality. 7 days a week.

Tel.: (xxx) xxx-xx-xx (Installation of window air conditioners)

Exploiting the news and other hot topics

Spammers are still taking advantage of all kinds of hot topics to get users to read their emails. They aren’t too proud to use any means possible to get users’ attention. The very fact that there is no connection between the subject line in a spam email and the contents of the email doesn’t seem to concern spammers in the least.

For example, the bronze statue scandal in Tallinn – when Estonian officials ruled to move the location of a statue dedicated to a Soviet soldier – was mentioned in a spam email advertising crossbows. The email began with the words: “Today, on May 9th, more than fifty years ago our grandfathers sacrificed their blood for the victory against fascism.” That same email concludes with photographs of crossbows and their respective prices.

Spammers were also particularly active this June when it came to dropping the names of political figures. Spammers don’t seem to care at all about establishing any kind of link with the news. They rewrite the news themselves – for instance, something about the death of a well known politician – and place it in the subject line, while the body of the email contains links to a website for interested users. This type of spam has already established itself as a separate genre, as similar mailings are seen several times throughout the year. In June we saw a mass mailing with a subject line deliberately designed to be attention grabbing: “Timoshenko was shot.”

Technical tricks. New ways to send graphical spam: PDF attachments

Spammers added a new weapon to their arsenal in June when they started sending graphical spam in the form of PDF attachments. Spammers are betting that not all spam filters analyze this file format. Spam in PDF attachments is generally used for promoting stocks (so-called pump-and-dump stock spam). Essentially, this is simply a new way to send graphical spam: when a user opens the PDF file, he sees the same “noisy” images with different colored backgrounds, text in different colors and sizes, etc., that are also sent in other formats such as GIF and JPEG.

This new spammer trick could create some difficulties for some security systems. However, the most advanced spam filters will be able to block this spam. Kaspersky Anti-Spam, for example, is equipped with all the tools needed to fight spam, including PDF attachments, and immediately began blocking this kind of spam as it appeared. Moreover, there’s no need to adjust the settings or download any updates to Kaspersky Anti-Spam to make sure it blocks spam in PDF files.
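As an added illustration (not code from this report or from any Kaspersky product), the sketch below shows one way a filter can look inside a PDF attachment instead of skipping the format: it flags mail whose PDF holds image objects but no text-drawing operators and whose body is nearly empty. The function names, the 20-word threshold and both sample messages are assumptions constructed for this example.

```python
import re
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

STREAM = re.compile(rb"<<(.*?)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)

def pdf_profile(pdf: bytes) -> dict:
    """Count image XObjects and text-showing operators (Tj/TJ) in a PDF."""
    images = text_ops = 0
    for dictionary, body in STREAM.findall(pdf):
        if re.search(rb"/Subtype\s*/Image", dictionary):
            images += 1
            continue
        if b"/FlateDecode" in dictionary:
            try:
                body = zlib.decompressobj().decompress(body)
            except zlib.error:
                continue  # damaged or non-content stream: skip it
        text_ops += len(re.findall(rb"\bT[jJ]\b", body))
    return {"images": images, "text_ops": text_ops}

def classify(raw: bytes, max_body_words: int = 20) -> str:
    """Flag mail whose PDF attachment is image-only and whose body is nearly empty."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    words = len(body.get_content().split()) if body else 0
    for part in msg.iter_attachments():
        data = part.get_content()
        if not isinstance(data, bytes) or not data.startswith(b"%PDF-"):
            continue  # trust the magic bytes, not the declared Content-Type
        profile = pdf_profile(data)
        if profile["images"] and not profile["text_ops"] and words <= max_body_words:
            return "suspect-image-pdf"
    return "no-verdict"

def wrap(pdf: bytes) -> bytes:
    """Build a constructed test message carrying `pdf` as an attachment."""
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(pdf, maintype="application", subtype="octet-stream", filename="doc.pdf")
    return msg.as_bytes()

# Constructed inputs: an image-only PDF and a PDF with a compressed text stream.
IMAGE_PDF = (b"%PDF-1.4\n1 0 obj << /Type /XObject /Subtype /Image /Length 4 >> stream\n"
             b"JPEG\nendstream endobj\n2 0 obj << /Length 30 >> stream\n"
             b"q 600 0 0 400 0 0 cm /Im1 Do Q\nendstream endobj\n%%EOF\n")
_text = zlib.compress(b"BT /F1 12 Tf (Invoice 42) Tj ET")
TEXT_PDF = (b"%PDF-1.4\n1 0 obj << /Filter /FlateDecode /Length " + str(len(_text)).encode()
            + b" >> stream\n" + _text + b"\nendstream endobj\n%%EOF\n")
```

The verdict is a heuristic signal to combine with other filter evidence, since scanned documents are also image-only PDFs.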

The effectiveness of a spam mailing is measured not only in the number of messages delivered to computer users, but also in the number of user reactions triggered by the spam email. When viewing the email, the contents of the PDF file are not automatically visible, and the user is meant to open the attachment. This means one extra step is required of the user, and not many users fall for this ploy: everyone has already heard about the potential dangers of opening attachments in emails received from unknown senders. For that reason, this kind of spam is expected to be less effective than your typical graphical spam. Will we see an increase in the number of spam mailings with PDF attachments? Only time will tell.

Currently, we’re seeing a different trend: the continued decline of graphical spam with more typical file formats (GIF, JPEG, etc.). In June this category represented 18.8% of all spam, which is 0.5% lower than in the previous month.

Monthly update

  • Spam accounted for 70% – 80% of all email.
  • Once again Viagra and the usual suspects were in the leading position.
  • This month’s technical innovations include the use of PDF files in attachments.
  • Spammers are exploiting hot news topics to get users’ attention.
