The percentage of spam in email traffic in May averaged 69.8 per cent – 1.3 percentage points less than the previous month. May saw numerous mass mailings for schools and colleges offering distance learning; other spam mailings were more straightforward, simply inviting users to buy a qualification. All that was required was a donation to a church that would then officially award an honorary doctorate to the benefactor.
There were also many offers to help struggling graduates repay their student loans. The messages urged recipients to follow a link to a site where they would find adverts for organisations that recruit volunteers and staff for non-profit institutions. In the US it is possible to enroll in state programs that offer credits to people if they perform some kind of service for their community, and these credits can offset student loans. However, the mailings came from unknown senders that regularly change their email addresses, and not from an official source. The links in the messages went to newly created websites that prompted users to submit personal data.
In May, scammers sent out fake notifications on behalf of the popular iTunes Store. The recipients were informed about the alleged purchase of an application; the email even specified the name of the product and the price. The attached file, which was supposedly the invoice, in fact contained Trojan-Banker.Win32.Shiotob.f. This family of Trojans steals passwords stored in FTP clients and monitors browser traffic to intercept login details.
Phishing
Email search sites (32.2 per cent) topped the rating of organisations most frequently targeted by phishers this month. Second came social networks (23.9 per cent), headed by Facebook. Financial and payment organisations were in third place with 12.8 per cent (+0.2 percentage points) followed by online stores (12.1 per cent) whose share also grew 0.2 percentage points from April.
The UK had the highest proportion of email antivirus detections with 13.5 per cent. The US (9.9 per cent) dropped to second, while Germany (8.2 per cent) remained in third. With regards to malicious attachments, five out of the ten most popular malicious programs spread by email were representatives of the Bublik family. Their main functionality is the unauthorised download and installation of new versions of malware onto victim computers.
“Spammers are constantly thinking up new tricks or turning to old favourites to catch out their victims. It’s not just about advertising: this month we came across a number of mass mailings imitating official notifications from various services and companies. The attachments in these emails contained malware from the Andromeda family. This family consists of backdoors that allow attackers to silently control infected computers, which often become part of a botnet. If you don’t want to worry about these sorts of things, we recommend installing an Internet Security class protection solution,” commented Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab.
The full version of the spam report for May 2014 is available at securelist.com.
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 16-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.