The rise of unsolicited and malicious emails
October saw spammers exploiting the themes of upcoming holidays, the names of well-known telecommunication service providers and the conflict in Syria, according to Kaspersky Lab’s latest spam report. A rise of 6.6 percentage points in unsolicited and malicious emails took spam’s share of global email traffic to 72.5 per cent for the month.
Trojan fraud remained the most popular malicious program spread via email. This Trojan imitates a phishing HTML page and is distributed via email. It mimics notifications from major commercial banks, online shopping sites and various other online services. Once users land on the site, they are prompted to enter their credentials – which are immediately forwarded to the fraudsters, jeopardizing the victims’ confidential information.
Trojan Fareit, a malicious program designed to steal logins and passwords from compromised computers, came second in October’s rating. Bagle climbed back to third place. Like most mail worms, Bagle self-proliferates to addresses in the victim’s address book and can download other malicious programs onto a computer without the user’s knowledge.
According to the report, fraudsters are also increasingly using the names of well-known telecoms companies to spread malicious programs. In September, they used BT Group’s name to distribute the Trojan downloader Dofoil. In October, they targeted Canada’s national telecom operator, Telus Mobility. An attached ZIP archive contained Trojan Zbot, a malicious program designed to steal users’ banking information. The fraudsters use rootkit technologies which allow them to successfully hide their executable files and processes from the system (but not from antivirus programs).
Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab, commented: “In most cases, spam mass mailings with malicious attachments target users’ confidential data. The fraudsters are looking for new ways to trick users and are actively expanding their list of high-profile company names for use in scams. Users should be very careful with any email containing executable .exe attachments or ZIP archives. The contents of the email should also be taken into consideration. Whenever you are asked to open an attachment, you should be very careful, and at the very least scan the attachment with the help of an antivirus program.”
In October, Kaspersky Lab also registered spam mailings offering some rather unusual services – love spells and incantations. Fraudsters were less creative when it came to festive spam, with the makers of Santa-shaped USB sticks and similar festive season goods seeming to have run out of ideas – spammers are mostly using the same designs as last year, having changed only the address in the ‘From’ field and added links to newly created redirection sites.
The situation in Syria is being actively exploited by spammers to spread “Nigerian letter” scams. In October, Kaspersky Lab continued to register new examples of fraudulent emails. For example, there was a mass mailing claiming to come from a female member of the “peacekeeping mission” in Syria who was hoping to form a serious relationship with the recipient of the email. On first glance, this seemed an innocent attempt to make friends, but once the scammers gained the victim’s confidence, the “pen pal” immediately hit a problem which only a money transfer from their new friend could solve.
In terms of the geographical location of spam, Asia (56.4 per cent) remained the leading regional spam source in October despite a slight drop (-2.4 percentage points) in spammer activity. North America came second after distributing 19 per cent of global spam. Eastern Europe’s share went up 3.8 percentage points, averaging 16 per cent, and placing the region third in the rating.