Dark Reading - Products and Releases
8/1/2013 05:38 PM

Report Shows Strong Increase In Regional Spam And Malware Distribution

Event spam transformed into real-time spam, according to Q2 Internet Threats Trend Report issued by Commtouch

McLean, VA - July 31, 2013 - The second quarter of 2013 saw a decrease in global spam levels while spam levels varied significantly according to region, indicating that spam distribution is becoming more and more targeted, according to the Q2 Internet Threats Trend Report issued by Commtouch® (NASDAQ: CTCH), a leading provider of Internet security technology and cloud-based services.

During the second quarter, as measured by Commtouch, global spam levels dropped by 34% in May and a further 15% in June. The average daily spam volume in June was near 54 billion emails per day - the lowest level in several years. In the first quarter of 2013, the average stood at approximately 97 billion spam emails per day.

However, spam levels developed in very different ways depending on region. For example, spam levels in Germany increased by 32% throughout Q2. While globally, the share of spam among all emails dropped to 64% in June, in Germany that number was as high as 80.4 percent. This was at least partly due to huge spam volumes on June 25th, with levels not seen since November 2011. These were caused by particularly large German-language spam waves advertising online gambling sites targeting German users, resulting in spam levels in Germany three times higher on June 25th than the previous day. In Q2, Commtouch's researchers observed many such targeted spam campaigns, among them some in Spanish, Italian or Dutch.

Also in the second quarter, the number of websites infected with malware continued to increase. By June, Commtouch was tracking 34% more malicious sites listed in Commtouch's GlobalView™ URL filtering database than there were in April. The most popular website category for malware distributors continued to be education sites, followed by business and travel websites.

"The spam and email security landscape in general became much more diversified according to region during the second quarter of 2013," said Avi Turiel, director of threat research and market analysis at Commtouch. "The discrepancies between the development of spam levels globally and in specific regions such as Germany show that the growing trend toward targeted spam and malware distribution has started to affect spam levels in a significant way. This trend has begun to transform the way spam and malware distribution works, posing new detection challenges for security vendors."

Other report highlights:

• Event spam transformed into real-time spam in Q2, with spammers using current breaking news within hours of the news emerging, sending fake news alert emails in the name of media outlets such as CNN or BBC in order to lure recipients into clicking on a link leading to malware-infected websites. The campaigns are usually run for a very short time and then replaced by new ones using a new breaking news story. This gives the emails an appearance of urgency and specifically targets users who might not have heard the news. In Q2, such campaigns used, among other events, the Boston bombings and the Waco explosion.

• Belarus topped the list of spam-sending countries in Q2 with a share of 14.8 percent of all spam. The United States came in second (6.3 percent), followed by Ukraine (5.8 percent). In terms of spam-sending zombie computers, India retained the crown with a share of 12.2 percent, followed by China (9.7 percent), Vietnam and Belarus (5.6 percent each).

• As far as spam topics are concerned, the first half of 2013 was a period of comebacks: after the re-emergence of pump-and-dump or penny stock spam in Q1 (which remained a major topic in Q2), diet spam, i.e. emails advertising allegedly miraculous drugs and methods to lose weight, became the second largest spam topic in Q2, multiplying its share among all spam emails from 0.4 percent in Q1 to 10.9 percent in Q2. The number one spam topic remained pharmaceutical spam, mainly advertising for Viagra and similar drugs, although its share of the overall spam volume significantly decreased: from 16.3 percent in Q1 to 11.7 percent in Q2.

• In Web security, the second quarter of 2013 again saw extensive use made of various Web exploit kits. The most popular one remains the Blackhole Exploit Kit, which scans the target system and downloads the appropriate malware. This was used, for example, in the real-time spam campaigns described above. Other campaigns delivering exploit kits used phony LinkedIn invitations and Facebook notifications.
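One defender-side check that follows from the real-time spam item above: a "breaking news alert" whose display name or subject claims a news outlet, while the sender address and the embedded links resolve to unrelated domains, is worth quarantining for review. The following is an added example written for this page, not code from Commtouch or from the report; the brand-to-domain table, the helper names (`registered_domain`, `claimed_brands`, `analyze`) and the two sample messages are constructed for illustration.

```python
"""Flag breaking-news alert e-mails that impersonate a news outlet.

Added example for this page; not Commtouch's code. The brand table,
helper names and sample messages below are constructed illustrations.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed table of commonly impersonated brands and the registered
# domains their genuine alerts would come from (illustrative only).
BRAND_DOMAINS = {
    "cnn": {"cnn.com"},
    "bbc": {"bbc.co.uk", "bbc.com"},
}

# Capture only the host part of each http(s) URL in the body.
URL_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.IGNORECASE)
TWO_PART_SUFFIX = {"co", "com", "org", "net", "ac", "gov"}


def registered_domain(host):
    """Reduce a host name to its registered domain. Crude approximation
    for the example: keep the last two labels, or the last three when the
    suffix looks like 'co.uk'. A real deployment would use a public
    suffix list."""
    labels = host.lower().rstrip(".").split(".")
    if (len(labels) >= 3 and labels[-2] in TWO_PART_SUFFIX
            and len(labels[-1]) == 2):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def claimed_brands(display_name, subject):
    """Brands the message visibly claims (display name or subject),
    matched as whole words so 'CNN' matches but 'scnn' does not."""
    text = f"{display_name} {subject}".lower()
    return {b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", text)}


def body_text(msg):
    """Concatenate all text/* parts of the message, decoded leniently."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            parts.append(payload.decode(charset, errors="replace"))
    return "\n".join(parts)


def analyze(raw_message):
    """Return a verdict: which brands are claimed, where the sender and
    the links really point, and every mismatch between the two."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(addr.split("@")[-1]) if "@" in addr else ""
    brands = claimed_brands(display, msg.get("Subject", ""))
    allowed = set().union(*(BRAND_DOMAINS[b] for b in brands)) if brands else set()
    link_domains = {registered_domain(h) for h in URL_RE.findall(body_text(msg))}

    findings = []
    if brands:
        if sender_domain not in allowed:
            findings.append(f"sender domain {sender_domain!r} does not belong "
                            f"to claimed brand(s) {sorted(brands)}")
        for dom in sorted(link_domains - allowed):
            findings.append(f"link points to {dom!r}, outside the claimed "
                            f"brand's domains")
    return {
        "brands": sorted(brands),
        "sender_domain": sender_domain,
        "link_domains": sorted(link_domains),
        "findings": findings,
        "suspicious": bool(findings),
    }


# Constructed sample messages (not messages from the report).
FAKE_ALERT = """\
From: CNN Breaking News <alerts@newsupdate.example>
To: user@example.com
Subject: CNN: Breaking news - explosion reported downtown

Watch the full video here: http://video.update.example/breaking.html
"""

GENUINE_ALERT = """\
From: CNN Breaking News <breakingnews@mail.cnn.com>
To: user@example.com
Subject: CNN Breaking News alert

Read more: https://www.cnn.com/2013/06/25/story.html
"""

if __name__ == "__main__":
    for name, raw in (("fake", FAKE_ALERT), ("genuine", GENUINE_ALERT)):
        print(name, analyze(raw))
```

The check deliberately reasons about registered domains rather than full host names, so a genuine alert sent from a mail subdomain is not flagged, while a lookalike host on an unrelated domain is. It complements, rather than replaces, SPF/DKIM/DMARC evaluation: those verify the envelope and signing domain, whereas this check catches the brand-versus-domain mismatch that the reader of the mail actually sees.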

The Commtouch Internet Threat Analysis Team regularly publishes related statistics within its report. The quarterly report is compiled based on a comprehensive analysis of billions of daily transactions handled by Commtouch's GlobalView Cloud.

To view the Commtouch Q2 Internet Threats Trend Report, visit: www.commtouch.com/threat-report

About Commtouch

Commtouch® (NASDAQ: CTCH) is a leading provider of Internet security technology and cloud-based services for vendors and service providers, increasing the value and profitability of our customers' solutions by protecting billions of Internet transactions on a daily basis. With 12 global data centers and award-winning, patented technology, Commtouch's email, Web, and antivirus capabilities easily integrate into our customers' products and solutions, keeping safe more than 350 million end users. To learn more, visit www.commtouch.com.
