In June Kaspersky Lab registered an increase in fraudulent messages sent on behalf of booking services. These fake notifications imitate hotel booking confirmations or air tickets and usually contain Trojan spyware masked as bills for reservations. US video game maker Electronic Arts was at the centre of a major scam last month as phishers used fake notifications in an attempt to access users’ personal accounts in the company’s online store Origin.
As a rule, fraudulent messages imitating correspondence from booking services contained the Ursnif Trojan that steals confidential data and sends it to a remote server. It can listen to network traffic, download and run other malicious programs, as well as disable some system applications such as the firewall. The phishers who tried to access the personal accounts for Electronic Art’s Origin online store used the old trick of sending out an email saying the online store was enhancing account protection and asked the recipients to confirm they held an account.
June spam in figures:
– Percentage of spam in email traffic averaged 64.8 per cent, which was 5 percentage points less than in May.
– Top three sources of spam around the world in June were the US (13.2 per cent), Russia (7 per cent) and China (5.6 per cent).
– Germany saw a big surge in the number of antivirus detections, doubling the previous month’s share to 16.4 per cent and removing the UK off top spot – the latter’s share halved to 7 per cent. The US remained in second place on 9 per cent.
Once again topping the list of malware spread by email was Trojan-Spy.HTML.Fraud.gen. This threat appears as an HTML phishing website and sends email disguised as an important notification from banks, online stores, and software developers. Trojan-Downloader.MSWord.Agent.z was in second place. This malicious program is a *.doc file with embedded macros that downloads and runs other malicious program. In third place was a Trojan downloader from the Bublik family – it’s main functionality is the unauthorised download and installation of new versions of malware onto victim computers.
“In June, high-profile political and sporting events were used by scammers to trick users. In the run-up to the FIFA World Cup, a huge event for football fans, phishers were trying to obtain banking information from users by asking them to participate in the competition to win tickets. ‘Nigerian’ scammers again exploited the situation in Ukraine and asked for help to transfer non-existent millions,” commented Tatyana Shcherbakova, Anti-Spam Analyst at Kaspersky Lab.
Phishing
Email search sites (32.1 per cent) again topped the rating of organisations most frequently attacked, with a slight drop of 0.2 percentage points from the previous month. In second place came social networks (27.7 per cent), with an increase of 3.7 percentage points compared to May. Financial and payment organisations (11.6 per cent) and online stores (10.6 per cent) declined by 1.2 and 1.5 percentage points respectively. The proportion of attacks targeting telephone and Internet service providers fell by 0.1 percentage points leaving this category in fifth place in the rating.
The full report is available at securelist.com.
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 16-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.