In Q2, the percentage of spam in total email traffic increased by 4.2 per cent from the first quarter of 2013 and came to 70.7 per cent. The percentage of phishing emails in global mail traffic fell by 0.0016 per cent and came to 0.0024 per cent. These figures are among the results of Kaspersky Lab’s email traffic analysis for Q2 2013.
Main Trends in Q2
Many emails with malicious attachments were addressed to corporate users this past quarter. These emails were disguised as auto-replies, i.e., delivery failure notifications, or notifications of the arrival of an email, fax, or scan. Malicious users expect corporate employees to skim over the details, assume the email is legitimate and open the attachment — releasing a malicious program.
One unusual feature in Q2 was the distribution of eCards with malicious attachments. In the past, these were a common sight at every major holiday, but lately malicious eCard sightings have been few and far between. However, this past quarter, Kaspersky Lab again detected these malicious mailings, this time targeting the prominent American greeting card company Hallmark.
Malicious eCards weren’t the only long-forgotten tactics detected by Kaspersky Lab in this period. In Q1 2013, one of the tricks used by spammers was “white text,” which is essentially random text added to the bottom of an email. Readers do not notice this because the colour of the text is the same as the background colour. The idea is to persuade spam filters that the unwanted message is a newsletter. This quarter, spammers used more or less the same trick; they added random text, but this time they didn’t even bother to make it “invisible”. Instead it was merely separated from the main body of text with a large number of empty lines. All of the texts were taken from various news stories. For example, while an email might start out with a colourful photograph advertising a certain product or service, if the recipient scrolled all the way to the bottom, he would find an small-print excerpt from a news story on Hugo Chavez, the Boston Marathon, or the conflict in Korea.
Statistics for Q2
The countries which most actively send spam remain the same, although their percentages have changed slightly: China is down by 1.2 per cent, the US is down by 0.9 per cent, and South Korea’s percentage is lower by 3 per cent.
The distribution of sources of spam by country, Q2 2013
The majority of spam emails are still very small, weighing in at under 1KB. Over the second quarter there were 4.8 per cent more of these small emails, and they made up 73.8 per cent of all spam mails.
The amount of malicious attachments in the second quarter was 1 per cent lower than in the first, coming to 2.3 per cent of all mail traffic. Among the threats spread by email, the most prevalent families are those designed to steal data to access user accounts (usernames and passwords), particularly for online banking services.
The percentage of phishing emails in total mail traffic during the second quarter this year fell by 0.0016 per cent and came to 0.0024 per cent.
There were few changes in the range of organisations targeted by phishing attacks in the second quarter. The number of attacks launched against social networks fell by 3.3 per cent, and the percentage of attacks against financial organisations increased by 1.2 per cent, pushing that category into second place in the ratings.
More and more often these days, phishers are reluctant to rely solely on the human factor and are less willing to wait for users to enter their own data. Instead, malicious users are now sending out malicious emails seeded with Trojans that steal usernames and passwords, including for online banking accounts.
Malicious attachments aren’t only found in emails masquerading as forms for Facebook and other popular online resources — they can also be found in emails disguised as official bank messages.
“Recently, spammers have begun sending out emails with malicious attachments designed to look like automatic delivery failure notifications sent out by servers. Another common trick is to make malicious emails look like notifications from well-known online resources, and include links to malicious websites. The large amount of spyware in malicious spam attachments shows a regrettable trend – malicious users are persistently hunting for personal data, usernames and passwords, including those for online banking and payment systems. Kaspersky Lab recommends that users continue to exercise caution — even when dealing with emails that appear to be legitimate.” said Darya Gudkova, Head of Content Analysis & Research, Kaspersky Lab.
To read the full version of Q2 2013 Spam report visit securelist.com.
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 15-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.
* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2011. The rating was published in the IDC report "Worldwide Endpoint Security 2012–2016 Forecast and 2011 Vendor Shares (IDC #235930, July 2012). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2011.