Member Article

Spam in July: banking Trojans dominate malware in email traffic

According to Kaspersky Lab, the percentage of spam in email traffic in July was up only 0.1 percentage points and averaged at 71.2 per cent. Malicious attachments were found in 2.2 per cent of all emails, an increase of 0.4 percentage points compared to the previous month. The level of phishing decreased by more than half compared with June, and averaged 0.0012 per cent.

In July, Kaspersky Lab continued to record mass mailings in which spammers exploited interest in the big events of the month. For example, the much-anticipated birth of the Royal baby in Britain and the spy scandal involving Edward Snowden did not go unnoticed by the spammers. Attackers kept with tradition to send out emails with malicious links imitating messages with links to breaking news. For example, the excitement around the birth of the royal baby was utilised in advertising printing services and advertising equipment. In honour of the event the company offered discounts for roller stands.

The scandal involving the former US intelligence officer Edward Snowden was used by the spammers to advertise weight loss products. The trick was that these goods were not even mentioned in the subject of the email and the text of the message offered the details of Snowden’s story rather than the methods of losing weight. However the link to the “details” contained in the email led to an advertising page.

Also, the Muslim holy month of Ramadan began in early July. Every year, Kaspersky Lab registers mass mailings exploiting this theme and this year was no exception. It recorded several English-language mass mailings, including not only traditional Ramadan advertisements of night restaurants and food but also offering automobiles and summer holidays for children.

In the summer months, tourist spam is also highly popular and Kaspersky Lab continued to register malicious mailings supposedly sent on behalf of various airlines. In July, Kaspersky Lab recorded fake notifications from “United Airlines”. The email stated that seat numbers on an upcoming flight had been changed and the updated flight information was available in the attached archive “flight document upgrade.doc.zip”. The archive contained an executable file under that name, which is detected by Kaspersky Lab as Backdoor.Win32.Vawtrak.a.

This backdoor is then used by the fraudsters to steal passwords stored on browsers as well as passwords for FTP and email clients. This malware also sends screenshots of the user’s desktop and gives cybercriminals full access to the infected computer, allowing the attackers to download and run various files on it.

In July, Kaspersky Lab experts also recorded mass mailings advertising services and goods for pets to tap into high global demand in this market. Spammers promoted offers in both Russian and English. English-language spam mostly advertised pet products and cheap food.

China remained in first place with 23.4 per cent of all distributed spam, a slight decline from the previous month (23.9 per cent). The US came second, contributing 18 per cent of global spam flow, up 0.8 percentage compared with June. South Korea was third after a small increase (0.4 percentage points) averaging 14.9 per cent in July. Combined, these three leaders produced more than one third of spam globally.

The full version of the spam report for July 2013 is available at securelist.com

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 15-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.co.uk.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2011. The rating was published in the IDC report “Worldwide Endpoint Security 2012–2016 Forecast and 2011 Vendor Shares (IDC #235930, July 2012). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2011.

This was posted in Bdaily's Members' News section by Alice Collins .