Spam volume hits year-long low, but remains just as dangerous

According to Kaspersky Lab’s monthly spam report, the percentage of spam in email traffic was down 4.5 percentage points from September, averaging 68%. The amount of phishing attacks on social networking sites decreased in October too – down 10%. The category fell from first place to fourth in terms of threats, “behind even the search engines category,” Kaspersky said.

That’s good news for pretty much everyone other than a few notable exceptions: October saw considerable growth in the number of attacks on financial organizations (advancing 2.85%) and online stores and e-auctions (up 5.42%). Most of these attacks provide fraudsters with access to users’ online banking and e-payment accounts – a particular concern when making purchases online in the run-up to the winter holidays.

Meanwhile, the overall volume of spam may have reached an annual low, but the danger posed by it remained high. Malicious files were still found in 3.25% of all emails, just a mere 0.15 percentage points less compared to the previous month.

“In October the percentage of spam may have decreased, but it didn’t become any less dangerous: we saw a lot of malicious and phishing emails targeting users’ money,” said Darya Gudkova, head of content analysis and research at Kaspersky Lab. “This will probably continue in the run-up to the Christmas and New Year holidays. Users should be especially watchful when making e-payments and entering confidential data on the Internet. Do not click links in spam emails and do not open attachments from unknown senders. Apply software updates as soon as they appear.”

In October, spammers continued to use a wide range of tricks to distribute malicious zip files. This month they spread emails imitating official notifications of speeding fines as well as fake hotel reservations and offers of fake airline e-tickets. Spammers also tried to add a personal touch to infiltrate computers. For example, they spread fake wedding invitations that contained a malicious attachment, Gudkova noted.

Also in October, fraudsters introduced a new variation on the faux hotel booking theme. The perpetrators began by sending English-language messages, allegedly from booking.com. Now, fake emails in English and German have started imitating notifications from the online booking service hotel.de, Kaspersky found. The email, which contains an attachment with a malicious zip archive, asks the user to confirm a booking at the five-star Brenner’s Park-Hotel & Spa in Baden-Baden. The .exe file enclosed in the archive is detected by Kaspersky Lab as Trojan-Ransom.Win32.Gimemo.atjk.

Trend Micro is also tracking the new variant, which it calls Gamarue, finding most recently that it has moved from Germany to targeting India, affecting 2% of users there already.

"A lot of e-commerce websites pay the price of being popular,” said Suchita Vishnoi, head of corporate communications at Trend Micro, in a statement. “Online travel and hotel market has become an attractive target for cybercriminals given the large volume of transactions on hotel and online sites. A frequent traveler who has done a hotel booking or checked reviews recently, in all probability, would be prompted to click that mail. When a user clicks the attachment in this spam mail, the malware known as Gamarue becomes active. It can steal from an affected user any information left behind on the emails and saved on user's system.”

Meanwhile, early autumn saw the world’s attention focus on the US presidential election. At the height of electioneering, spam campaigns asked users to express their opinion about who would become the next president of the United States in return for a Visa gift card worth $250. Or, the mails featured calls to support one of the candidates or offers for watches and clothes made famous by the candidates.

That campaign is likely out of steam though.

“As expected, the presidential election in the USA attracted a lot of spammer attention,” said Kaspersky’s Gudkova. “It is unlikely that after the election Obama's name will appear so often in spam. In order to lure users to a malicious site or to extort money from them, the spammers will no doubt find other hot topics, such as the hurricane in New York.”

Meanwhile, Halloween turned out to be a bonanza for spammers. Messages in English offered holiday-related special offers: designer bags, door mats, photo frames and fluorescent T-shirts. “The holiday theme was actively exploited to advertise various offers and discounts. This time, in honor of Halloween, spammers offered new and used discount cars from manufacturers. Jack-o’-Lanterns and bats conveyed the holiday theme in these adverts,” Gudkova said.

Similarly, Kaspersky Lab registered numerous Christmas and New Year-related mailings offering a variety of candies, souvenirs, tickets for festive season excursions and more. Some New Year spam advertises market-specific goods. For example, emails in Russian offered decorative miniature handmade felt boots – known as “valenki” – which are fixed to surfaces with the help of a magnet or a hook, Gudkova explained.

“Russian users were also offered made-to-order artificial indoor and outdoor Christmas trees while English-speaking users were offered the chance to buy a tin and grow a Christmas tree at home by just following some easy instructions,” she said.

When it comes to geography, continuing the trend set over the course of the year, China (30.7%) and the US (27.3%) were the most active spam distributors in October. These two countries contributed almost 58% of the world’s junk email flow. The Top 5 also includes India (5.8%), Vietnam (4.3%) and Brazil (2.6%), which are in spammers’ sites thanks to notoriously poor anti-virus protection.

When it comes to countries sending spam specifically to users in Europe, China’s share is even higher (53.3%), up 11.8 percentage points from September’s figure. The US came second here too, with 13.4% (+2.7 percentage points) of all distributed spam.

In-region, Italy increased its contribution of European spam flows by 3.9 percentage points compared to September, moving the country up to third place. At the same time the share of spam emanating from India declined considerably in European countries (down 6%).

What’s Hot on Infosecurity Magazine?