Spam and Phishing

After analyzing all the known malware modifications in Acecard family, we established that they attack a large number of different applications. In particular, the targets include nine official social media apps.

In 2015, the proportion of spam in email traffic decreased by 11.48 percentage points and accounted for 55.28%. This reduction was caused by the migration of advertising for legal goods and services from spam flows to more convenient and legal platforms, as well as by the expansion of the “gray” zone in mass mailings.

Security experts have for years reiterated: cybercriminals can make use of any information that you publish about yourself on a social network. However, a huge amount of users still continue to share news and a plethora of personal information with their virtual friends as well as incidental onlookers. This may lead to unpleasant and, at times, unforeseen consequences.

To ease their customers’ nerves, delivery services send email notifications and provide shipment tracking systems. However, this type of communication also creates the ideal conditions for cybercriminals to send phishing messages in the name of major delivery services.

The war in Syria, which began several years ago, has recently become one of the most widely reported events in the media. Along with the growing interest of the international community in Middle East events, “Nigerian” scammers have also jumped on the bandwagon.

In Q3 of 2015, the percentage of spam in email traffic accounted for 54.2%. The holiday season saw an increase in tourism-related malicious spam. Cybercriminals sent out fake notifications from well-known booking services, airlines and hotels, as well as emails from individuals. They typically included attached archives with different Trojan downloaders.

Suspected spear phishing campaign attempting to steal users’ credentials by sending phishing emails masquerading as Google recovery.

The IT community is working hard to find and take down malicious sites as soon as possible, but then … the weekend is the weekend for many. What happened just last Friday may be a good example of such malicious weekend activity.

Today I ran into a typical fraud email claiming to come from a U.S. bank but with a twist! Analyzing the attachment, it turns out that there’s no malware inside but instead a new middle step to fool lesser security software.

Today, I received this message from a friend living in Mexico via Whatsapp. According to it, Starbucks is giving away 500 in local currency credits if you take their survey, so my friend asked me to take a quick look to determine if it’s real.

In Q2 2015, the percentage of spam in email traffic accounted for 53.4%. The USA (14.6%) and Russia (7.8%) remained the biggest sources of spam. China came third with 7.1%. The Anti-Phishing system was triggered 30,807,071 times on computers of Kaspersky Lab users.

Old tricks never die, and bad guys know that. We recently saw a big wave of malicious VBE files targeting Brazilian users, distributed via email messages.

In the second quarter of 2015 Kaspersky Lab solutions detected and repelled a total of 379,972,834 malicious attacks from online resources. There were 5,903,377 registered notifications about attempted malware infections aiming at stealing money via online access to bank accounts. Were detected 291,887 new malicious mobile programs.

The security flaws of the OAuth protocol have been known for quite a while. However, this is the first time we have come across a phishing email used by fraudsters to put these techniques into practice.

The share of spam in email traffic in the first quarter of 2015 was 59.2%; the percentage of spam gradually declined during the quarter. Spam traffic included a large number of mass mailings with Microsoft Word or Excel attachments containing macro viruses.