Woburn, MA – March 20, 2014 – Kaspersky Lab today released its monthly spam report, finding that the proportion of spam in email traffic in February increased by 4.2 percent compared to January spam traffic and averaged 69.9 percent. The report found love-themed malicious spam dominated by Trojans, malicious programs containing the Andromeda backdoor, and scams exploiting current world events.
Many malicious attachments in February’s spam came in emails allegedly sent by women who wanted to make new friends in the time leading up to Valentine's Day. Some cybercriminals tried to hook recipients with the promise of explicit photos in archives attached to messages. The supposed photos turned out to be malicious programs, among them the Andromeda backdoor, which allows cybercriminals to secretly control a compromised computer.
Another malicious program found during February also contained the Andromeda backdoor. Messages allegedly sent on behalf of Facebook informed recipients that a lot had happened on friends’ news feeds since they last visited the site and they were prompted to find out more by opening the attached archive, which contained the malicious backdoor.
February’s love-themed malicious spam was dominated by Trojans, as the cybercriminals’ mass mailings targeted credulous users with a Trojan-Dropper. The Trojan installs two malicious programs on the system: one is spyware that steals all document files (*.docx, *.xlsx, *.pdf) from the computer and sends them to a specific mailbox; the other is an IRC bot/worm called ShitStorm, which can carry out DDoS attacks on websites and spread copies of itself via MSN and P2P services. If recipients respond to this sort of email, their computer can easily become part of a botnet. In addition to Trojan spyware, this month’s malicious spam included ransomware.
Meanwhile, ‘Nigerian’ scammers exploited the current situation in Ukraine. They cited some familiar stories about unfortunate tourists in Kiev who had all their money stolen, followed by a request for financial assistance.
- The proportion of spam in email traffic in February increased by 4.2 percentage points compared to the previous month and averaged 69.9%, 1.2 percentage points less than in February 2013.
- China (23%) was the top source of spam, followed by the USA (19.1%) and South Korea (12.8%).
- The types of organizations targeted most frequently by phishing attacks were social networking sites (27.3%), email services (19.34%) and e-pay organizations (16.73%). Kaspersky Lab specialists also came across fraudulent notifications in February that claimed to be from the Malaysian HongLeong bank.
Tatyana Shcherbakova, Senior Spam Analyst
“Phishing emails that use the names of major financial and e-payment organizations from different countries are being actively spread by scammers to steal personal financial information. A successful attack usually gives the phishers full access to the victim's personal account on the banks’ website.”
The full report is available at securelist.com.
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 16-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.
* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2012. The rating was published in the IDC report "Worldwide Endpoint Security 2013–2017 Forecast and 2012 Vendor Shares" (IDC #242618, August 2013). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2012.