An IT security product company has analysed the evolution of spam in August. According to Kaspersky Lab, the US ranks first among countries which are sources of spam distributed around the world, while the UK now leads the ranking based on the number of mail antivirus detections. August saw phishing activity increase almost 1.5 times with 32 million detections. Yahoo! was attacked so often (6.4 per cent) that it displaced Windows Live as one of the top three organisations attacked by phishers, ranking next to Google and Facebook.
· The ranking of countries as sources of spam is led by the US with 16 per cent (+0.7 per cent from July), followed by Russia with six per cent (+0.4 per cent). China is in third position with 4.7 per cent (-0.6 per cent).
· In August, the UK was the number one target for spammers sending malicious attachments. It had 13.2 per cent of all detections, adding 6.3 percentage points in a month and pushing Germany (9.6 per cent) and the US (7.7 per cent) down to second and third positions, respectively.
· The average proportion of spam in mail traffic was 67.2 per cent, which was just 0.2 percentage points higher than in the previous month. At the same time, August saw a 62 per cent increase in the number of phishing attacks compared to July.
· Australia was the country most affected by phishing attacks – its share doubled to 24.4 per cent. This pushed Brazil (19.5 per cent) down to second position. The UK (15.2 per cent), Canada (14.6 per cent) and India (14.5 per cent) came third, fourth and fifth, respectively.
· Google services (12.6 per cent) remained in top position among organisations attacked by phishers. Facebook (10 per cent) stayed in second place, while the Yahoo! search engine and services came third (6.4 per cent).
In August, Kaspersky Lab staff detected malicious files distributed via mail traffic disguised as (fake) court summons. The messages informed recipients that they were summoned to a court as defendants and they needed to familiarise themselves with information in the attachment before the hearing started. The archive attached contained the Kuluoz Trojan designed to download and launch other malware. Cybercriminals who distributed malicious attachments in spam messages again used fake Facebook notifications as a lure for users. According to the message text, the social network had been hacked, so the developers were asking users to install the utility attached in order to avoid problems in future. Instead of the promised utility, the ZIP archive attached to the message contained the Haze Trojan-Downloader, which is used by cybercriminals to download other malware, including code designed to steal personal data from the computer’s owner or send infected messages to all the addresses in the contact list.
The top three positions in August’s malware ranking were taken by Trojans, the top two of which – Redirector and Fraud – are HTML pages. Redirector steers users to an infected site, where they are usually invited to download Binbot – a service used for automatically trading in popular binary options. As for Fraud, it is used as a registration form for online banking services and sends stolen financial information to phishers. The third position is taken by the Upatre Trojan-Downloader. Malware in this family usually downloads a Trojan-Banker designed to attack financial institutions.
Tatyana Shcherbakova, Antispam Analyst at Kaspersky Lab, said: “In August, we recorded a significant 62 per cent increase in the number of phishing attacks. This is probably due to a seasonal decline in the demand for advertising spam. To keep making money cybercriminals have switched to other types of spam, including phishing scams. By faking messages from well-known services, social networks or financial organisations, phishers significantly improve the chances of their spam being successful. To avoid becoming a victim, remember these simple rules: check the sender address and be particularly careful with messages containing attachments. It’s better to contact the company directly than trust an email and lose your personal data.”
The full text of the August report is available on the Securelist website: https://securelist.com/analysis/monthly-spam-reports/66647/spam-in-august-2014/.
