A marathon of holiday spam

The main spam topics that emerged during the last quarter included the increase in spam during the holidays, mass mailings, malicious attachments and the distribution of phishing attacks, according to Kaspersky Lab.

The first quarter of the year was littered with holidays and spammers tried to make the most of this. Be it Valentine’s Day, St. Patrick’s Day or Easter – it seems there’s no holiday that won’t get a spammer working overtime. However, in Q1 of 2012 the share of spam in mail traffic was down 3 percentage points compared to the previous quarter, averaging 76.6 per cent.

“The drop in the percentage of junk email was in no little part down to the combined efforts of Kaspersky Lab and the CrowdStrike Intelligence Team, HoneyNet Project and Dell SecureWorks research groups. Their work resulted in the neutralisation of the second version of the Hlux/Kelihos peering botnet. According to our data, the botnet included over 100,000 infected computers,” says Darya Gudkova, Head of Content Analysis and Research at Kaspersky Lab.

Spammer methods and tricks

Spammers who specialise in spreading malware are especially creative in the sphere of social engineering. A mass mailing containing fake notifications from NACHA (The Electronic Payments Association) was followed by messages from the Better Business Bureau (BBB). The emails mainly targeted small and medium-sized businesses. When users clicked on the links inside the messages they entered a hacked site with a built-in script that redirected them to a malicious site containing the notorious BlackHole exploit pack.

A similar scheme was used for another mass mailing that imitated a message from an airline. The user was invited to check in online for a US Airways flight. Other malicious mass mailings imitated financial news, job offers, bank notifications and information from social networking sites.

Sources of spam

2011’s major trend continued in Q1 2012: the share of spam emanating from Asia (+3.83 percentage points) and Latin America (+2.66 percentage points) increased, albeit slowly. The contributions of Africa (+0.67 percentage points) and the Middle East (+1.09 percentage points) also grew. Although the volume of spam originating from the latter two regions is not yet significant, a clear growth dynamic is evident. The proportion of spam distributed from Africa and the Middle East increased by 20 and 29.6 percentage points respectively compared with Q4 2011.

The share of spam in Western and Eastern Europe continued to decrease and in Q1 2012 amounted to 23.43 per cent of the total volume of global spam (-8.35 percentage points). After the closure of Hlux, further changes in the geographical distribution of spam sources can be expected.

Emails with malicious attachments

Although the percentage of malicious attachments in spam has decreased, it still remains high. Moreover, many malicious emails contain links to sites with exploits that are used in drive-by attacks, rather than attachments. Such links use various redirects to sites containing exploit packs – sets of exploit tools designed to find vulnerabilities in popular applications such as Java, Flash Player and Adobe Reader.

The peak of malware distribution came in January, when over 4 per cent of all emails contained malicious attachments. In February and March the proportion of malicious spam was 2.8 per cent.
