Threat and spamscape report for May

AppRiver published their monthly report which highlights key spam and malware trends.

We heard much less about the Conficker Worm this past month, although, some malware authors tried to capitalize on Conficker’s news buzz by pretending to offer disinfection solutions for the bug. Overall, April turned out to be more about human bugs (think Swine Flu), which cybercriminals were quick to take advantage of.

Here are the highlights from April:

  • A very large, tragic earthquake hit central Italy last month, spurring numerous spam campaigns that used the news as a means to socially engineer recipients into opening its content.
  • Easter paid a visit this month, and with it came the obligatory fake Easter e-Cards with malicious links that ended up installing scareware onto victims’ PCs.
  • The Waledac botnet made several appearances this month including: a large campaign that utilized GeoCities’ URLs to promote online gambling; a fake product called SMS Spy meant to spy on your significant other’s text messages; and a run late in the month that directed victims to websites hosting foot fetish material.
  • Although after April 15th (US tax submission deadline), spammers sent out a fake IRS phishing campaign meant to target Non-Resident Aliens.
  • The biggest news in April? The swine flu, and the possible imposing pandemic. Spammers wasted no time in adapting their campaigns to mimic the news.

Top email-delivered viral threats

These are the top 20 malware threats for last month in order of frequency, with the most frequent appearing in the top position:

  • X.W32.MalEncPk-HZ
  • X.W32.MalEncPk-MZ
  • X.W32Zbot.M.post2
  • X.W32Zbot.J
  • HTMLIframe!Exploit
  • X.win32.worm.20080529
  • Netsky.P
  • W32Netsky.Q_worm
  • W32DLoader.HNGO
  • MyDoom.L
  • Netsky.D
  • HTMLNimda.A
  • W32Suspicious_U.gen
  • W32Bifrose.NCM_trojan
  • Netsky.W
  • MyDoom.I
  • Netsky.Z
  • Netsky.T
  • Suspicious_M.gen
  • W32Mydoom.R_worm
  • W32Netsky.CW

Don't miss