October saw spammers exploiting the themes of upcoming holidays, the names of well-known telecommunication service providers and the conflict in Syria, according to Kaspersky Lab’s latest spam report. A rise of 6.6 percentage points in unsolicited and malicious emails took spam’s share of global email traffic to 72.5 per cent for the month.
Trojan fraud remained the most popular malicious program spread via email. This Trojan imitates a phishing HTML page and is distributed via email. It mimics notifications from major commercial banks, online shopping sites and various other online services. Once users land on the site, they are prompted to enter their credentials – which are immediately forwarded to the fraudsters, jeopardising the victims’ confidential information.
Trojan Fareit, a malicious program designed to steal logins and passwords from compromised computers, came second in October’s rating. Bagle climbed back to third place. Like most mail worms, Bagle self-proliferates to addresses in the victim’s address book and can download other malicious programs onto a computer without the user’s knowledge.
According to the report, fraudsters are also increasingly using the names of well-known telecoms companies to spread malicious programs. In September, they used BT Group’s name to distribute the Trojan downloader Dofoil. In October, they targeted Canada's national telecom operator, Telus Mobility. An attached ZIP archive contained Trojan Zbot, a malicious program designed to steal users’ banking information. The fraudsters use rootkit technologies which allow them to successfully hide their executable files and processes from the system (but not from antivirus programs).
Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab, commented: “In most cases, spam mass mailings with malicious attachments target user’s confidential data. The fraudsters are looking for new ways to trick users and are actively expanding their list of high-profile company names for use in scams. Users should be very careful with any email containing executable .exe attachments or ZIP archives. The contents of the email should also be taken into consideration. Whenever you are asked to open an attachment, you should be very careful, and at the very least scan the attachment with the help of an antivirus program.”
In October, Kaspersky Lab also registered spam mailings offering some rather unusual services – love spells and incantations. Fraudsters were less creative when it came to festive spam, with the makers of Santa-shaped USB sticks and similar festive season goods seeming to have run out of ideas - spammers are mostly using the same designs as last year, having changed only the address in the ‘From’ field and added links to newly created redirection sites.
The situation in Syria is being actively exploited by spammers to spread "Nigerian letter" scams. In October, Kaspersky Lab continued to register new examples of fraudulent emails. For example, there was a mass mailing claiming to come from a female member of the “peacekeeping mission” in Syria who was hoping to form a serious relationship with the recipient of the email. On first glance, this seemed an innocent attempt to make friends, but once the scammers gained the victim’s confidence, the "pen pal" immediately hit a problem which only a money transfer from their new friend could solve.
In terms of the geographical location of spam, Asia (56.4 per cent) remained the leading regional spam source in October despite a slight drop (-2.4 percentage points) in spammer activity. North America came second after distributing 19 per cent of global spam. Eastern Europe’s share went up 3.8 percentage points, averaging 16 per cent, and placing the region third in the rating.
The full version of the spam report for October 2013 is available at securelist.com.
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 16-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.co.uk.
* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2012. The rating was published in the IDC report "Worldwide Endpoint Security 2013–2017 Forecast and 2012 Vendor Shares (IDC #242618, August 2013). The report ranked software vendors according to earnings from sales of endpoint security solutions in 20