Moscow: The whizzes at Kaspersky Lab have summarized spammer activity for 2013:
- The share of spam in email flows stands at 69.6% in 2013, which is 2.5 percentage points lower than the preceding year
- The percentage of emails with malicious attachments was 3.2% – 0.2 percentage points lower than in 2012
- 32.1% of phishing attacks targeted social networks
- The biggest sources of spam were China (23%) and the USA (18%)
The proportion of spam in email traffic ensues to fall – in the past three years the share of uncalled-for messages has plummeted by 10.7 percentage points. It gives the impression that advertisers progressively more have a preference for the various types of legitimate online advertising that are at the moment available and which from its quarter generate higher response rates at lower costs than spam can offer.
The criminalization of spam
In some spam categories, commercial advertising is being slowly but surely displaced by criminal mailings such as spam messages advertising illegal goods or pornography. An archetypal case in point is the Travel and Tourism category that used to account for 5-10% of entire spam traffic. These days, commercial adverts like this are sporadic, but the connoisseurs comprehend numerous malicious emails actively exploiting the themes of travel and leisure.
Fake antivirus vendor messages
It is mutual for IT security experts to recommend that users do regularly update their antivirus solutions, and that is something that cybercriminals tried to take advantage of in 2013. In emails that seem to be sent by well-known antivirus vendors such as Kaspersky Lab, McAfee, ESET, Symantec etc., they insisted users to update their systems instantaneously using an attached file. The attachment turned out to contain a Trojan from the infamous ZeuS/Zbot family that is designed to steal sensitive user data, predominantly financial info.
Darya Gudkova, Head of Content Analysis at Kaspersky Lab, reportedly commented that: “For the third year in a row the most prevalent malware spread by email were programs that attempted to steal confidential data, usually logins and passwords for Internet banking systems. At the same time, however, phishing attacks are shifting from bank accounts to social networking and email. This can be partly explained by the fact that today’s email accounts often give access to a lot of content, including email, social networking, instant messaging, cloud storages and sometimes even a credit card.”
‘Gray’ mailings: bypassing the spam filters
In an attempt to reach even greater numbers of users, but wary of spam filters that block unwanted messages, advertisers are resorting to chicanery. Part of a mass mailing is sent to subscribers who have agreed to receive adverts, and part is sent to addresses taken from colossal databases these companies have purchased – to people who never offered their consent to receive such messages. If the mailings are blocked by spam filters, the advertisers contact the security vendor and try to demonstrate that their mailings are legitimate by presenting the websites where users sign up and can unsubscribe at any time. This poses a new challenge for the anti-spam industry and is leading to the development of new-fangled technologies grounded on sender reputations.
Where’s the spam coming from?
Asia accounted for 55.5% of the world’s spam in 2013 (an increase of 5.3 percentage points compared to 2012), followed by North America with 19% (+ 3.2 points). Whereas, Eastern Europe’s share almost doubled compared to the previous year, placing the region in third with 13.3%. Western Europe remains in fourth place despite a decrease of 2.4 percentage points, despite the fact that the share of Latin America in fifth place amounted to a threefold descent as compared to 2012.