In the first quarter of Fiscal 2014, spammers started imitating messages from mobile applications. They particularly favoured popular mobile messengers such as WhatsApp, Viber and Google Hangouts: notifications supposedly sent from these applications were used to spread both malware and harmless adverts. The surging popularity of mobile devices also means that phishing attacks targeting Apple IDs are becoming more frequent.
Several gadget owners are used both to the synchronization of their contacts and to the fact that messages from mobile applications can arrive via email, so few would be suspicious of such a message even though WhatsApp is not directly linked to an email service. This lack of caution could prove costly, since the attached archive contained the notorious Backdoor.Win32.Androm.bjkd, whose main function is to steal personal data from users.
Mr. Altaf Halde, Managing Director, Kaspersky Lab – South Asia, said, “The bad guys constantly develop new ways to attack your smart phones and computers in order to steal personal information. Most popular malicious programs are now multifunctional; they can steal data from the victim’s computer, make the computer part of a botnet or download and install other malicious programs without the user’s knowledge. This is why it is extremely critical to update your operating system, web browser and to keep security software up-to-date. This will reduce the probability of cybercriminals running bad programs onto your computer or mobile device. Kaspersky Lab would also like to remind users that hacked email accounts can allow attackers access to all the information stored in your mailbox including other logins and passwords. We recommend that you use strong passwords and two-factor authentication if possible.”
“Recently we have seen a growth in the number of attacks targeting mobile users. Gadgets have become popular even among those who had little interaction with computers and are less familiar with computer security. This opens up new vectors of attacks for spammers and phishers. To protect themselves, users should remember not to open emails from unknown senders and especially not to click any links in these emails, which inevitably pose a risk to user security. Clicking unsafe links threatens user security regardless of which device is used – they pose a danger to desktop computers and mobile gadgets alike,” said Darya Gudkova, Head of Content Analysis & Research Department at Kaspersky Lab.
Where has the spam disappeared?
The list of countries most frequently targeted by malicious emails has undergone some changes since the third quarter of last year. The US’s share (14%) grew 3.68 pp, whereas the shares of the UK (9.9%) and Germany (9.6%) fell by 2.27 and 1.34 pp respectively. Consequently, the US, which was ranked third in the previous quarter, returned to the top of the rating in Q1 2014.
Sources of spam by country
The top three spam sources remained unchanged from the previous quarter: China (-0.34 pp), the US (+1.23 pp) and South Korea (-0.91 pp).
In Q1 2014, China was the leading spam source, with 21.93% (-0.34 pp) of all distributed spam. It was followed by the United States, whose contribution stood at 18.81% (+1.23 pp). South Korea came third with 12.95% (-0.91 pp). Russia surpassed Taiwan and moved to fourth place, one position up from the previous quarter (+0.34 pp).
India came sixth (3.56%), followed by Vietnam (3.18%), Ukraine (2.25%) and Romania (1.92%), with tenth place going to Japan (1.92%).
The email and search portals category topped the ranking of phishers’ most popular targets (36.6% of all attacks). Next came social networking sites with 26%, followed by financial and e-pay organizations and banks (14.7%).
Malicious attachments in email
The chief objective of most malicious programs distributed via email is to steal confidential data. Nevertheless, in Q1 malware capable of spreading spam and launching DDoS attacks was also popular. Most popular malicious programs are now multifunctional: they can steal data from the victim’s computer, make the computer part of a botnet, or download and install other malicious programs without the user’s knowledge.
- Trojan-Spy.HTML.Fraud.gen remained the most popular malicious program spread by email in the first quarter of the year. This malicious program is designed to look like an HTML page used as a registration form for online banking services. It is used by phishers to steal financial information.
- In second and seventh places came the Net-Worm.Win32.Aspxor worms. These net worms are designed to spread spam. They automatically infect sites, load and run other programs, and collect valuable information stored on the computer such as passwords and other data to be able to access email and FTP accounts.
- Email-Worm.Win32.Bagle.gt, a long-time resident of the Top 10, came third. The main functionality of any worm is to harvest email addresses found on an infected computer. The Bagle worm can also accept remote commands to download malicious files from the Internet without the user’s knowledge.
- Fourth and eighth places were occupied by Fareit family Trojans, which were most actively distributed in January. These programs were designed to steal user logins and passwords, launch DDoS attacks, and download and run arbitrary software. The two samples from our rating could download and run Zbot Trojans. In addition, Fareit Trojans can steal Bitcoin wallets as well as other crypto-currency wallets (about 30 in total).
- Trojan.Win32.Bublik.bwbx is in fifth place. This program downloads other malware, specifically the Zbot family of Trojans, onto the victim’s computer.
- Backdoor.Win32.Androm.bngy came sixth. The Andromeda family of malware consists of backdoors that allow cybercriminals to secretly control a compromised computer. Machines infected by these programs often become parts of botnets.
- Email-Worm.Win32.Mydoom.l, a well-known mail worm, stood ninth in the rating.
- The Top 10 for Q1 was completed by a notorious Trojan from the Zbot family. Zbot is a family of Trojans that steal confidential user information. It can also install CryptoLocker, a malicious program that demands money to decrypt user data.
The percentage of spam in email traffic
The percentage of spam in total email traffic during the first quarter of the year came to 66.34%, down 6.42 pp from the previous quarter. Nevertheless, compared with Q1 2013, the share of spam in Q1 2014 hardly changed, falling by a mere 0.16 pp.