Kaspersky Spam Evolution: January – June 2009

  • Uploaded by: Kaspersky Lab Nordic
  • 0
  • 0
  • June 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Kaspersky Spam Evolution: January – June 2009 as PDF for free.

More details

  • Words: 2,576
  • Pages: 12
Spam evolution: January – June 2009 Darya Gudkova Elena Bondarenko

Half-yearly update •

The economic crisis has not impacted the volume of spam: spam averaged 85.5% of email traffic.



Malicious attachments were found in 0.3% of messages.



0.6% of all messages contained links to phishing sites.



Asian and Latin American countries became the main sources of spam, with a shift away from Western European countries, the US and Russia.



The amount of spam advertising small and medium businesses declined during the recession.



Spam advertising spammer services has partly replaced messages containing offers for concrete goods and services.

Spam in mail traffic

Spam in mail traffic, 1H2009 Spam averaged 85.5% of mail traffic over the first half of 2009. The lowest figure was 72.8% on April 26th, while the highest percentage was 93%, recorded on February 22nd. 0.3% of spam messages included malicious attachments.

The financial crisis, which began in autumn last year, has not had an impact on the overall volume of spam in mail traffic: the figures do not differ significantly in comparison with figures for 1H 2008.

Phishing Phishing-related spam is experiencing an overall decline.

Phishing emails, 1H 2009 Phishing emails accounted for 0.6% of mail traffic in 1H2009. The number of phishing emails has fallen from month to month (with May being the exception). During Q1 2009, phishing emails made up 0.78% of mail traffic, dropping to 0.49% in Q2 2009. Anti-phishing systems now offer users better protection than ever against this type of fraud. Consequently, cybercriminals now find phishing a less profitable and less attractive tactic.

The main targets of phishing attacks 

Organizations targeted by phishing attacks, 1H 2009 The primary target of phishers is still PayPal, with eBay ranking second among the most popular targets. Over 60% of phishing emails imitate messages from these two organizations. PayPal, eBay, and major banks have been active in providing users with information about the dangers of phishing. As a result, users of such systems have become more cautious, and the phishing attacks targeting them have become less effective. Meanwhile, phishing attacks which target less commonly-used services have not been particularly lucrative. These factors may be contributing to the gradual decline in phishing spam.

Sources of spam on the Russian Internet: regrouping from the West to the East Countries  The top ten countries which are major sources of spam have changed considerably over the past six months. Less and less spam is coming from Spain and Italy, which previously took 3rd and 4th places, respectively. These countries are no longer in the top ten, with Germany and Ukraine also departing from the ranking. More spam now originates in India, Thailand, Romania, and Poland, all of which are now included in the top ten.

Top ten sources of spam (2H 2008; 1H 2009)

Russia and the US are still the leading sources of spam, but in 2H 2009, they may be displaced as the amount of spam sent from these countries is falling. In the second six months of 2008, 22% of all spam was sent from Russia in 2H 2008, but only 11% was sent in 1H 2009. The figures for the US also fell from 16% to 10%. By June, only 8% of spam was being sent from Russia. Although the fight against spam in Russia has been successful, there has not been an ultimate victory, and it's likely that spam sent from Russia will account for a stable 8 –10% of all spam. India has seen a boom in spam mailings. In 2008, this country was the source of 2% of less of all spam, jumping to 4% in Q1 2009. In June, India was responsible for a record 10% of spam on the Russian Internet, and an average of 7% over 1H 2009. The spammers' focus on India may be due to a range of factors: on one hand, as a developing economy, the country is beginning to enjoy the latest Internet technologies, including widespread Internet access. On the other hand, Indian users are poorly protected, resulting in mass malware infections designed to create botnets for sending spam. The amount of spam originating from Turkey has also increased: in 2H 2008, spam from Turkey represented just 3% of all spam, but during 1H 2009, this figure more than doubled to 6.6% of all spam. The list of European countries which are the top sources of spam has also changed. In 2008, the top three sources of spam in Europe were Spain, Italy, and Ukraine. This list is now headed by Poland, Romania and Italy. Table 1. Top ten European sources of spam Poland

4.30%

+2.30%

Romania

3.00%

+2.00%

Italy

2.60%

-2.40%

Ukraine

2.00%

-1.00%

Spain

1.90%

-3.30%

Germany

1.90%

-1.30%

Great Britain

1.60%

-0.40%

Czech Republic

1.10%

+0.70%

France

1.00%

-1.60%

Hungary

0.90%

0.50%

In general, the amount of spam coming from Western European countries has decreased noticeably, while the amount of spam sent from Eastern European countries has increased.

Regions  In terms of the top regional sources of spam, there has been a general transition from West to East. Nearly twice as much spam is now being sent from Asian countries, with an increase of

18% in 2H 2008 to 35% during 1H 2009. There has also been an increase in spam from Latin American and Eastern European countries (excluding Russia). Over the same period the amount of spam sent from Western European countries, compared to 2H 2008, decreased by almost half. In the second half of 2008, Roughly 20% of all spam was sent from Western European countries in 2H 2008, with just 12% in 1H 2009.

Sources of spam: 2H 2008, 1H 2009 This transition from the West to the East results from a number of factors: on one hand, the US and Western European countries have become more proactive in fighting spam. These countries have closed down spammer hosting sites, improved relevant legislation, and some spammers have even been held liable for their actions. This makes sending spam from Western Europe and the US a risky business for spammers. Meanwhile, Asia and Latin America — and Eastern European countries, to some extent (excluding Russia) — are becoming more attractive to spammers; the number of Internet users in these locations is beginning to increase significantly and Internet access is becoming more prevalent. Furthermore, Internet users in these countries tend to be less well protected against malicious programs and less aware of cyber threats. Essentially, the main sources of spam have more or less transitioned from Western European countries, the US, and Russia to Asia and Latin America. This is probably good news for endusers, i.e. those who do not have any partners in these regions can simply choose not to open messages originating from Latin American or Asian countries. For these people, simple modifications to spam filter configuration could cut the amount of incoming spam by half.

Spam by category

Spam on the Russian Internet by category

Most common spam categories, 1H 2009   1. 2. 3. 4. 5.

Medications and health-related goods and services – 22.1% (+2.4%) E-advertising services – 16.6% (+10.9%) Adult content spam – 11% (-8.8%) Education – 10.4% (+0.8%) Fake luxury goods – 7.4% (+1.2%).

For the fourth year in a row, the most common type of spam is still Medications and healthrelated goods and services. Most messages in this category advertise medications such as Viagra and Cialis, as well as diet pills and supplements. The second place is taken by E-advertising services, replacing the usual leading categories. This category was in seventh place in 2008. Adult content spam is still in third place, in spite of a considerable decrease in the number of such messages. Compared to last year, the figure almost halved. This is probably due to the fact that most of this type of spam consists of emails designed to lure users to fraudulent websites, where attempts are then made to get money by persuading the visitors to send SMS messages to short, premium pay numbers. This type of trick works well until it is uncovered; consequently, the life span of such scams is limited and the amount of Adult content spam is now on the decline.

The economic crisis and its impact on spam   While the primary categories of spam remain unaffected, the economic crisis has affected the distribution of spam categories. Categories on the rise First and foremost, the crisis has led to an increase in spammers advertising their own services. It would appear that the crisis has caused spammers to lose some of their regular clients and have directed their newly available resources at advertising their own services in hopes of finding new clients.

Spam advertising spammer services, 1H 2008/1H 2009 During 1H 2008, before the economic crisis began to affect Russia, e-advertising spam made up approximately 4.3% of all spam. During 1H 2009, this figure skyrocketed to 16.6%. The amount of Real estate spam has also increased notably in comparison to last year. For the most part, this type of spam advertises rental properties. In April, such offers accounted for 69% of all spam in the Real estate category.

Real estate spam, 1H 2008/ 1H 2009

Having lost tenants due to the recession, landlords have actively been advertising their vacant properties. Some reputable real estate firms may now be using spam as a relatively inexpensive means of advertising their services. Categories on the decline Small and mid-sized businesses (a subgroup which falls into the Other goods and services category) appear to have cut spending on spam advertising

Other goods and services spam, 1H 2008/ 1H 2009 On average, the volume of spam in this category fell 4% compared to the same period in 2008. Prior to the economic crisis, there were a reasonable number of clients ordering travel and tourism spam mailings. Spam in this category account for 8% of all spam in 2008. During 1H 2009, the amount of spam in this category halved, and now represents just 4%. This drop is clearly related to the global crisis. Many people's financial situation is now worse than in 2008, and they have found themselves cutting spending on travel and vacations. The Travel and tourism spam category is always susceptible to seasonal changes; however, given the economic background, these were less marked this year.

Travel and tourism spam, 1H 2008/ 1H 2009 Education spam dropped by approximately 25% in the first five months of 2009. In June, however, this type of spam returned to pre-crisis levels due to exams at schools and universities.

Education spam, 1H 2008/ 1H 2009 The economic crisis has clearly had an impact on spam advertising goods and services offered by legitimate businesses. This category represents roughly 35% of all spam. In comparison, in 1H 2008 (i.e. before the recession hit), this type of spam accounted for approximately 45% of all spam. Despite the increasing amount of real estate spam, overall the amount of spam advertising goods and services from legitimate businesses has fallen by nearly one-fourth.

Economic conditions have affected the remaining 65% of spam, which includes advertising of grey market goods and services and, to a lesser extent, fraudulent spam. The reasons are clear: firstly, anonymity makes it less risky for cybercriminals to find clients using spam than by other means, and they are unlikely to be bothered by moral concerns. Secondly, some types of fraud (such as phishing) simply could not exist without spam, since spam is an integral component of these schemes. Finally, many cybercriminal groupings have their own botnets and therefore the capability to conduct mass mailings at minimal cost.

Size and type of spam emails

Distribution of spam emails by size Most spam messages are still 10 kb or less in size. The amount of the smallest spam emails (up to 5 kb) has increased: in 1H 2009, messages of this size represented 58% of all spam, up from 46% in 2006. The overwhelming majority of such emails provide links to websites. The text of the emails and the sites they link to can differ from message to message, even if the messages are all sent in the same spam mailing. Advertising sites are either located on cheap domains (such as .cn), or domains which use free hosting services. Spammers use such tactics in an attempt to bypass spam filters. As before, most spam emails (45%) are sent in plain text format.

Distribution of spam emails by type

Graphical spam  Spam containing images now makes up nearly 15% of spam. This is due to the upswing in spammers advertising their own services; most such advertisements are sent in image form. Spammers are striving to achieve two things: to evade spam filters, and make their advertising attractive. It should be emphasized that not only programmers, but also professional designers and marketing experts work on spam mailings.

Images often offer the (fake) opportunity to unsubscribe from mailing lists.

Extract from a spam message Most emails containing images also contain text. In some cases, the advertising message and contact information are part of the image, and the text is included merely to create “noise” in order to increase the chances of evading spam filters. In other cases, the text in the message contains contact information (usually a link to a website) and the image is used to draw the reader’s attention and relay the spammer’s own advertising message.

Conclusion The countries which act as the main sources of spam are now located in the East rather than the West. Countries in Asia and Latin America, as well as countries in Eastern Europe (excluding Russia), are becoming more attractive to spammers since users in these countries are poorly protected against cyber threats. It is difficult to say just how long this trend will continue. However, it can be assumed that as users in Eastern countries become more aware of security issues, the distribution of infected machines sending spam will level out. Given that computer technologies (thanks to the openness and accessibility of information) are evolving faster than the economy (due to greater transparency and access to information) it is likely that the playing field will level out even before developing regions become highly developed. In spite of predictions to the contrary, the share of phishing emails has declined. Some may remember that in light of the crisis, these fraudulent emails were expected to increase; as a rule, phishers attempt to use negative situation to frighten users and persuade them into providing personal information. However, it seems that the anti-phishing measures that have been taken by major payment systems and banks and increased awareness of cyber threats have begun to the Internet scammers. Although the crisis has not affected the overall amount of spam in mail traffic, it has had a considerable impact on the distribution of spam by category. This primarily affects spam advertising spammer services, which now makes up a record 16.6% of all spam. Meanwhile, the total amount of spam offering goods and services in the real sector has dropped 10%. The 2008 annual spam report noted that this type of spam acts as an indicator of the ecomonic health of small and medium-size businesses during financially difficult times. And in fact, compared to the same period in 2008, spam mailings contained fewer offers from tourism and educational companies and advertisements for various goods and services. (However, the percentages of these spam categories increased slightly in June). Only time will tell how long these trends will last.

Related Documents

Kaspersky
October 2019 22
Kaspersky
October 2019 18
Kaspersky
November 2019 22
Kaspersky
October 2019 23

More Documents from ""

June 2020 1
Bruno Mathsson
December 2019 4
June 2020 1
October 2019 6
October 2019 9