2/12/2013
01:06 PM
Dark Reading

U.S. Is Spam World Champion

One in 60 e-mails contained malware in January

Berlin, February 12, 2013 - It has been two years since Rustock, the world's biggest spam botnet, was shut down and in January 2013 the US was back at the top of the list of spam-generating countries. This is the lead story in the Eleven E-mail Security Report February 2013, which Eleven has released today. With a 10.6 percent share of the total spam volume in the German-speaking region, the US held the top spot, followed by India (6.9 percent), and Romania (6.6 percent), which was the leader in October and November 2012. Good news for Germany: with a 2.3 percent share at No. 13, German IP addresses were no longer in the top ten. Geographically, the distribution of the 10 biggest spammers was comparatively spread out in January 2013: four came from Asia, three from (Eastern) Europe, two from South America, and one from North America. All of the Western European countries have disappeared from the list.

Other important trends at a glance:

- The spam volume plunged in December and January. In December, it dropped by 40.9 percent and in January, by another 15.8 percent. The decline is in line with the trend of previous years: in both 2010/2011 and 2011/2012, the volume of spam dropped sharply at the end of the year.

- The phishing volume rose dramatically in January: the number of e-mails tagged as phishing jumped by 72.4 percent from December to January.

- Virus e-mails also rose in that period. The volume of known and new malware grew by 27 percent in January. Together, their share of the total e-mail volume reached 1.6 percent. This means that one in every sixty e-mails was transporting malware in January.

- The majority of spam, phishing, and malware campaigns are now country specific. For example, among the e-mails sent to German recipients, the largest spam and malware waves and the third-largest phishing wave were all written in German. Several German-language spam waves were also in the top ten.

- The share of spam in the total e-mail volume was 60 percent in January 2013. In November 2012, the share was 73.9 percent.

- The "classic" spam themes are trending downwards - for example, the share of casino spam, still the most popular spam theme, fell from 34.8 percent to 22.9 percent between November 2012 and January 2013. Pharma spam rose slightly from a record low of 7.9 percent to 12.9 percent. Fake luxury products remained at 4.4 percent. The "winner": dating spam at 18.6 percent.

- At the same time, the range of spam themes has clearly broadened. In January, 39 percent of the themes were classified as "other", while this number was 21.6 percent in November. One large spam campaign was launched in the name of a technical Web site for strawberry cultivation, for example.

For the complete Eleven E-mail Security Report, visit the Eleven Web site at www.eleven.de/eleven-security-reports.html.

Eleven security blog: www.eleven-securityblog.de

Eleven on Twitter: www.twitter.com/elevensecurity

Eleven E-mail Security Report

Six times a year, the Eleven E-mail Security Report summarizes current statistics and trends with regard to spam and malware. The Eleven research team analyzes the spam and virus e-mails checked by Eleven Managed E-mail Security Services and then compiles and interprets the results. Eleven checks over one billion e-mails every day, and has more than 45,000 installations worldwide.

Eleven - E-mail Security Made in Germany

The leading e-mail security provider from Germany, Eleven uses one-of-a-kind, proprietary eXpurgate technology. The company offers a spam filter and e-mail categorization service that reliably protects customers against spam and phishing e-mails, detects potentially dangerous e-mails, and is also able to differentiate between individual messages and all types of bulk e-mails. eXpurgate also provides a wide range of virus protection options and a high-performance e-mail firewall.

Worldwide, over 45,000 companies of all sizes use the eXpurgate service. eXpurgate checks and categorizes more than one billion e-mails every day. In addition to Internet service providers and telecommunication service providers such as T-Online, O2, 1&1, and freenet, the list of Eleven customers includes numerous high-profile companies and public institutions such as Air Berlin, BMW, the Federal Association of German Banks, DATEV, Free University Berlin, Landesbank Berlin, RTL, SAP, ThyssenKrupp, and Tobit Software AG. More information at www.eleven.de.
