During the second quarter of 2013, the percentage of spam in total e-mail traffic increased by 4,2% from the first quarter, reaching 70,7% of total volume.
The percentage of phishing e-mails in global mail traffic fell by 0,0016% and came to 0,0024%, according to Kaspersky Lab’s e-mail traffic analysis.
Many e-mails with malicious attachments were addressed to corporate users this past quarter. These e-mails were disguised as auto-replies such as delivery failure notifications, or notifications of the arrival of an e-mail, fax, or scan. Malicious users expect corporate employees to skim over the details, assume the e-mail is legitimate and open the attachment — releasing a malicious program.
One unusual feature in Q2 was the distribution of e-cards with malicious attachments. In the past these were a common sight at every major holiday, but lately malicious e-card sightings have been few and far between. However, this past quarter, Kaspersky Lab again detected these malicious mailings, this time targeting the prominent American greeting card company Hallmark.
Malicious e-cards weren’t the only long-forgotten tactics detected by Kaspersky Lab in this period. In Q1 2013, one of the tricks used by spammers was “white text”, which is essentially random text added to the bottom of an e-mail.
Readers do not notice this because the colour of the text is the same as the background colour. The idea is to persuade spam filters that the unwanted message is a newsletter. This quarter, spammers used more or less the same trick; they added random text, but this time they didn’t even bother to make it “invisible”.
Instead it was merely separated from the main body of text with a large number of empty lines. All of the texts were taken from various news stories.
For example, while an e-mail might start out with a colourful photograph advertising a certain product or service, if the recipient scrolled all the way to the bottom, he would find an small-print excerpt from a news story on Hugo Chavez, the Boston Marathon, or the conflict in Korea.
The majority of spam e-mails are still very small, weighing in at less than 1Kb. Over the second quarter there were 4,8% more of these small e-mails, and they made up 73,8% of all spam mails.
The amount of malicious attachments in the second quarter was 1% lower than in the first, coming to 2,3% of all mail traffic. Among the threats spread by e-mail, the most prevalent families are those designed to steal data to access user accounts (usernames and passwords), particularly for online banking services.
The percentage of phishing e-mails in total mail traffic during the second quarter this year fell by 0,0016% and came to 0,0024%.
There were few changes in the range of organisations targeted by phishing attacks in the second quarter. The number of attacks launched against social networks fell by 3,3%, and the percentage of attacks against financial organisations increased by 1,2%, pushing that category into second place in the ratings.
More and more often these days, phishers are reluctant to rely solely on the human factor and are less willing to wait for users to enter their own data. Instead, malicious users are now sending out malicious e-mails seeded with Trojans that steal usernames and passwords, including for online banking accounts.
Malicious attachments aren’t only found in e-mails masquerading as forms for Facebook and other popular online resources — they can also be found in e-mails disguised as official bank messages.
“Recently, spammers have begun sending out e-mails with malicious attachments designed to look like automatic delivery failure notifications sent out by servers,” says Darya Gudkova, head of content analysis and research at Kaspersky Lab. “Another common trick is to make malicious e-mails look like notifications from well-known online resources, and include links to malicious Web sites.
“The large amount of spyware in malicious spam attachments shows a regrettable trend – malicious users are persistently hunting for personal data, usernames and passwords, including those for online banking and payment systems. Kaspersky Lab recommends that users continue to exercise caution — even when dealing with e-mails that appear to be legitimate.”