Spam and phishing reports

Spam Report: June 2008

Last month the Kaspersky Lab analysts forecasted a seasonal decline in spam – the first time in the last few years. Their prognosis proved accurate: from January to April spam in mail traffic averaged 86% but in May the share of spam declined and stood at only 79.1%. Though the quantity of spam increased slightly at the end of June, the general trend of a weakening in spammer activity continued.

Spam in mail traffic averaged 82.1% in June 2008. A low of 71.6% was recorded on 5 June, and a high of 91.5% occurred on 25 June.

The share of emails containing links to phishing sites halved compared to May’s figures. The June figure of 1.45% stayed close to that recorded in April. The quantity of fraudulent spam in mail traffic increased considerably compared to May (0.08%) and reached 0.38%.

Based on June’s results, it appears there will be an increase, albeit insignificant, this summer in the share of spam in mail traffic after April’s decline. However, the growth of fraudulent spam is disturbing and should serve as a warning to users not to take such spam lightly.

The Medications, health-related goods and services category remained the leading spam category in June (25.8%). The Education category (14.4%) held on to second place. The holiday season contributed to the popularity of the Travel and tourism category which climbed to third place ahead of the Fake designer goods category (14.4%).

For the first time in the last few months the Adult content spam category entered the top five. The share of this type of spam in mail traffic started to grow in May and in June reached 5.2%. Numerous invitations (mostly Russian-language) to dating sites and pages with trivial content were addressed to those spending most of the summer holidays in front of their computers.

For three weeks in June football fans were much more concerned about the events at the European Championship. Spammers jumped on the Euro 2008 bandwagon, using football themes to advertize things that had nothing to do with football.

Spammers also made use of the most popular Internet resources for advertizing. The beginning of June saw a wave of spam containing links to livefilestore, the Microsoft server for permanent file storage. After clicking on the link the user downloaded an encrypted JavaScript and was redirected to the site containing the advertisement. Hacking has made it possible for spammers to utilize a lot of the file storage pages. They hoped the numerous links in messages would increase their chances of bypassing spam filters. In addition, spammers used the LiveJournal site for spreading information: links in spam messages led to one of the community site’s pages containing the advert. In both cases the illegitimate mailings were advertising medications.

In June, Russian-language spammers tried sending out mailings in mp3 format. There was no text in these messages but the recipient could listen to the information in the attached mp3 file. Though the advert was fairly intelligible, the size of the message meant this approach was unproductive.

It seems very likely that spammers will continue to experiment with the form and content of mass mailings in their search for new ways to evade spam filters.

Spam Report: June 2008

Your email address will not be published. Required fields are marked *

 

Reports

How to catch a wild triangle

How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.

Subscribe to our weekly e-mails

The hottest research right in your inbox