Banking Trojans dominate malware in e-mail traffic
The percentage of spam in email traffic in July was up only 0.1 percentage points and averaged at 71.2 per cent, according to Kaspersky Lab.
Malicious attachments were found in 2.2 per cent of all emails, an increase of 0.4 percentage points compared to the previous month. The level of phishing decreased by more than half compared with June, and averaged 0.0012 per cent.
In July, Kaspersky Lab continued to record mass mailings in which spammers exploited interest in the big events of the month. For example, the much-anticipated birth of the Royal baby in Britain and the spy scandal involving Edward Snowden did not go unnoticed by the spammers.
Attackers kept with tradition to send out emails with malicious links imitating messages with links to breaking news. For example, the excitement around the birth of the royal baby was utilised in advertising printing services and advertising equipment. In honour of the event the company offered discounts for roller stands.
The scandal involving the former US intelligence officer Edward Snowden was used by the spammers to advertise weight loss products. The trick was that these goods were not even mentioned in the subject of the email and the text of the message offered the details of Snowden’s story rather than the methods of losing weight. However the link to the “details” contained in the email led to an advertising page.
Also, the Muslim holy month of Ramadan began in early July. Every year, Kaspersky Lab registers mass mailings exploiting this theme and this year was no exception. It recorded several English-language mass mailings, including not only traditional Ramadan advertisements of night restaurants and food but also offering automobiles and summer holidays for children.
In the summer months, tourist spam is also highly popular and Kaspersky Lab continued to register malicious mailings supposedly sent on behalf of various airlines. In July, Kaspersky Lab recorded fake notifications from “United Airlines”. The email stated that seat numbers on an upcoming flight had been changed and the updated flight information was available in the attached archive “flight document upgrade.doc.zip”. The archive contained an executable file under that name, which is detected by Kaspersky Lab as Backdoor.Win32.Vawtrak.a.
This backdoor is then used by the fraudsters to steal passwords stored on browsers as well as passwords for FTP and email clients. This malware also sends screenshots of the user’s desktop and gives cybercriminals full access to the infected computer, allowing the attackers to download and run various files on it.
In July, Kaspersky Lab experts also recorded mass mailings advertising services and goods for pets to tap into high global demand in this market. Spammers promoted offers in both Russian and English. English-language spam mostly advertised pet products and cheap food.
China remained in first place with 23.4 per cent of all distributed spam, a slight decline from the previous month (23.9 per cent). The US came second, contributing 18 per cent of global spam flow, up 0.8 percentage compared with June. South Korea was third after a small increase (0.4 percentage points) averaging 14.9 per cent in July. Combined, these three leaders produced more than one third of spam globally.