On one level, attackers used tried-and-trusted tricks, sending email offers on behalf of online games to steal usernames and passwords, or fake notifications from major organisations which then link to a phishing resource. Multi-stage attacks on a new level are now becoming more common.

For example, messages invited recipients to take part in a survey and win money for doing so. Users followed the link, found themselves on a page with a customer satisfaction survey form and filled it in. After submitting the survey, they were redirected to a further form asking for their full credit card details in order to process the promised payment. Of course, the information was likely to be used to clean out accounts, rather than pay any cash.
The third quarter saw the volume of phishing emails increase very slightly and account for just 0.03 per cent of all mail traffic. The share of attacks on Facebook increased by five per cent which meant this social network climbed from 5th to 3rd in the rating of most popular phishing targets.
Previous spam reports have noted that phishers have lost interest in traditional banks, and in Q3 2011, for the first time ever, just two banks featured in the Top 10. This is because, for phishers, stealing real money is riskier than stealing virtual money. Moreover, both approaches are almost equally lucrative.
Volume of spam dropping
Spam levels fell steadily throughout the quarter, except for a spike in the last week of September when the share reached 82.1 per cent. “Despite the decrease in the amount of spam in mail traffic, its content has become more dangerous. The average percentage of spam with malicious attachments reached a record-breaking high of 5.3 per cent throughout Q3.
This spike, and a similar rise in adult content spam, could be the result of the summer holiday season and the ‘second wave’ of the global economic crisis. During the summer slowdown, and prompted by the uncertain financial climate, spammers look for scams that can keep them in business,” says Darya Gudkova, Head of Content Analysis and Research at Kaspersky Lab.
Think before opening attachments
Increased levels of spam with malicious attachments continued to threaten users in Q3 2011. The spammers deployed standard tricks to coax users into opening attachments, and used some new, more sophisticated methods. Among the latter, it was common to send emails with alarming subjects, an apparently encrypted text and a malicious attachment. The fraudsters were hoping that users would choose to open the attachment in the hope of making sense of the unintelligible email.
Overall, in Q3 2011 the average proportion of emails with malicious attachments increased by 1.17 per cent, reaching 5.03 per cent. As in the previous two quarters, Russian and US mail traffic carried a sizeable proportion of malicious attachments (9.8 per cent and 9.5 per cent respectively). Britain came third with 7.3 per cent of all detected malicious attachments, up 1.1 per cent on the previous quarter.
Spammer methods and tricks: hiding the evidence
Hacking legitimate sites and doctoring them with JavaScript code is not the only trick spammers use to keep their sites off blacklists. In Q3 2011 Kaspersky Lab came across spam emails containing links that pointed to legitimate web resources but also carried an SQL injection (these were in fact compromised sites which redirected users to the fraudsters’ resources).
In addition, spammers continue to actively use Google cloud services to bypass filtering. By adding a link that leads to a document in the cloud they can redirect users to spammer advertising sites.
Main statistics
2011’s major trend continued in Q3: more and more spam is coming from developing countries. India (+0.7 per cent), Indonesia (+4.7 per cent) and Brazil (+0.8 per cent) were the top three sources of spam. Q3 2011 saw considerable shifts in the distribution of spam by category. Education-related spam went down sharply (-39.9 per cent) compared to the previous quarter.
There were also declines in other categories of commissioned spam, such as Travel and Tourism (-4.3 per cent) and Other Goods and Services (-1.6 per cent). In their place, there was growth in spam distributed via partner programs: Medications and Health-Related Goods and Services, and Adult Content spam.







