Spammers step up efforts

Read time 3min 30sec

Romantics weren't the only ones making an effort in February, as spammers upped their activity after a relatively quiet past few months.

According to Kaspersky Lab's "Spam in February 2013" report, the proportion of spam in e-mail traffic grew by 12.8%, averaging 71% during February. Alongside this, the percentage of phishing e-mails remained unchanged, averaging 0.003%, and malicious files were found in 2.6% of all e-mails - a decrease of 0.2%.

Unsurprisingly, Valentine's Day was the focus of spammers' efforts in February, with the majority of English-language spam traffic focusing on special offers for flowers from so-called partner programmes.

Spammers employed various tricks to attract attention. Over and above the expected Valentine's-related special offers were mass mailings that weren't offering any gifts or services related to 14 February, despite the mail headings' claims to the contrary.

The company encountered several spam e-mails targeting singles, by advertising dating agencies. However, besides the usual images of 'lonely hearts' and a field for users to search for their perfect match, the links often lead to completely unrelated pages.

Geographical distribution

During February, the US topped the ranking of the leading sources of spam worldwide with a total of 16.9%. Spam originating in China halved, averaging 14.4%, resulting in a drop to second place for the country.

Hot on its heels was South Korea, with 13.7%, an increase of 6.9%. Russia dropped from fourth to seventh place, with 3.3%, while Taiwan's share grew threefold to 5.1%.

Italy was the unlucky winner of the title for the country targeted most by malicious e-mails during the month, pushing long-term leader, the US, to second place. Italy's share grew by 9.4% and averaged 14.4%.

There were no major changes to the percentages of the other countries in the ranking.

The targeted

Fake notifications from various financial organisations are still a favourite with cyber criminals for sending malicious software through e-mail. Kaspersky Lab cites the example of scammers using the fake notification that a user's bank account has being hacked and blocked, with a link in the mail that promises to provide further information.

One such notification was registered by the security giant as FraudReport_acoountid_43753985724.exe, and is malware detected by Kaspersky Lab as Backdoor.Win32.Androm modifications.

Google, unfortunately, enjoyed special attention during the month, with scammers launching a mass mailing including the company's name, notifying users that Google was considering their resumes for potential positions. The recipient was invited to view the attached file to check that their details were correct.

As we've come to expect, the attachment was a zip archive containing the file Document.chm.exe, that was in fact a Trojan, detected by Kaspersky Lab as Trojan-Dropper.Win32.Typic.bea, which was created to steal passwords and other confidential data on the user's computer.

Darya Gudkova, head of content analysis and research at Kaspersky Lab, says the increase in spam in February is not indicative of a new trend.

"It was most probably caused by a decline in the share of junk e-mail during the January holidays when many of the computers used in botnets to distribute spam were turned off. Moreover, the proportion of unsolicited messages in February was still slightly lower when compared with the average for the whole of 2012. In any case, we don't expect any more dramatic changes in the near future," said Gudkova.

Far more worrying, she said, is the fact that most malicious attachments in spam are programs designed to steal users' credentials for online financial systems. "They appear in the form of HTML pages imitating registration forms. Users should be especially careful with such e-mails and the attachments should not be opened; online banking pages should only be accessed via a browser."

See also