UK Spam Up to Five Times More Likely to Contain Malicious URLs

Unsolicited email in UK inboxes is nearly three times more likely to contain malicious URLs than for users in the United States  according to new stats from security vendor Proofpoint.

The email security provider reported that the ratio of malicious email to standard email was a baseline of 1.0 in the US but over 2.5 in the UK.

By contrast, the level in France was even lower than the US at around 0.75 and in Germany lower still at less than 0.5 – making users in the UK more than five times more likely to find a malicious URL in their spam than their Teutonic counterparts.

However, the UK was overtaken by Germany when it came to the ratio of unsolicited messages to regular email.

“This means that the prevalence of spam and of malicious URLs in total email are not correlated,” Proofpoint noted in a blog post.

“While unsolicited email in the UK showed a higher prevalence of malicious URLs, Germany received a greater overall volume of unsolicited email deemed spam: in other words, email accounts in the UK are targeted with a smaller amount of unsolicited email than Germany, France or the US; but as much as five times more of these emails contain malicious URLs.”

The links in question deliver a range of different payloads, from banking trojans to phishing attacks, and execute either by exploit kits or through end-user actions such as clicking on a download link, according to the firm.

One particular attack spotted by Proofpoint features the Dyre banking trojan which the firm said has “become increasingly popular in the wake of the Gameover Zeus takedown.”

Most recently, alerted its customers this week that the malware may also be targeting their log-ins.

The stats on malicious URLs were so surprising that Proofpoint ran the data set twice to check the results, according to EMEA director, Mark Sparshott.

"When we drilled into the email samples we looked hard for any regional specific phishing bait or attacks which might have impacted the results. However, we couldn’t find anything in particular to attribute the spike to," he told Infosecurity.

"While we did identify a small spike in Inland Revenue tax rebate phish , it wasn’t enough to account for the statistical difference. Therefore the only conclusion we can draw is at the time of analysis the UK was receiving proportionally a lot more malicious email. Proofpoint will be monitoring this closely to see if this is temporary or becomes a sustained trend.” 

What’s Hot on Infosecurity Magazine?