Commtouch Q1 Report: Pump And Dump Spam Returns With A Vengeance

Phishing also increased dramatically

May 8, 2013


McLean, VA - May 1, 2013 - Unwanted and dangerous email increased dramatically in the first quarter of 2013, according to a Q1 Internet Threats Trend Report issued by Commtouch® (NASDAQ: CTCH), a leading provider of Internet security technology and cloud-based services. During the first quarter of 2013, an average of 97.4 billion spam emails and 973 million malware emails were sent worldwide each day. In March, the number of daily spam emails significantly exceeded the 100 billion mark (117.8 billion).

Spam levels doubled between December 2012 and March 2013, a 98% increase. Phishing also increased dramatically, with the number of phishing emails swelling by more than 74% in March compared to the previous December. The largest increase, however, was in email-borne malware: levels of emails carrying known malware were 157% higher in March than in December. For virus outbreaks, the increase was a stunning 290%.

The biggest part of this growth occurred in March. Compared to February, spam levels increased by 41%, known malware by 75%, and virus outbreaks by 124%. Only phishing volumes broke the trend, as they only increased by eight percent in March. The current increase is unusual in that historically spam and malware levels rarely correspond. In the past, when one category increased, the other often decreased or at least stagnated. The significance of the first quarter growth is underlined by comparisons with the respective volumes in March 2012: In March 2013, spam levels were 48% higher than the previous year, malware emails were 255% higher, and malware outbreaks were 251% higher. Only phishing levels decreased since March 2012.

Other report highlights:

- Pump and dump spam, also known as penny stock spam, one of the most popular topics among spammers between 2006 and 2008, made a forceful comeback in Q1 after having all but disappeared in previous years. In March 2013, pump and dump spam dominated the list of spam topics. Eighteen percent of the top 25 spam emails (with a combined volume of 46% of all spam) were pump and dump mailings. The trick was the same as in previous years. The emails advertise cheap shares with very small trading volumes, indicating there was significant earning potential in them. If only a few recipients can be fooled into buying the stock, the value will rise significantly and the spammers who have bought shares at the lower price can cash in.

- In Web security, the first quarter of 2013 saw extensive usage of the Blackhole exploit kit. The kit is installed on target Web sites, allowing the installation of drive-by malware. The JavaScript on the page scans the visiting system to determine the versions of popular software. Once the kit has determined that there is a vulnerability, the relevant exploit is loaded, allowing the controller to gain a foothold on the infected system. The Blackhole controller can then deliver further malicious content.

- Current news events were extensively used to lure email users to Web sites infected with malware. Fake email news alerts allegedly coming from CNN or the BBC exploited breaking news stories, such as the election of the new pope and the financial crisis in Cyprus. They linked to Web sites carrying the Blackhole exploit kit.

- The United States was the largest source of spam in the first quarter of 2013, topping the list of spam senders with a share of 9.1 percent of the overall volume. The United States was followed by Belarus (6.5%), Spain (5.6%), Argentina (5.0%) and India (4.3%).

"The dramatic rise in the quantity of unwanted and dangerous emails during the first quarter of 2013 shows that email communication is still one of the key attack vectors," said Avi Turiel, director of threat research and market analysis at Commtouch. "Email is still the most popular communication tool for private users and businesses alike, making it an attractive target for cybercriminals. The rise in both emails with malware attachments and drive-by-attacks also indicates that malware distributors don't shift their focus from one attack vector to another. To the contrary, they diversify their attack methods in order to increase the efficiency of their campaigns and in order to bypass some anti-spam and antivirus measures."

The Commtouch Internet Threat Analysis Team regularly publishes related statistics within its report. The quarterly report is compiled based on a comprehensive analysis of billions of daily transactions handled by Commtouch's GlobalView™ Cloud.

To view the Commtouch Q1 Internet Threats Trend Report, visit:

About Commtouch

Commtouch® (NASDAQ: CTCH) is a leading provider of Internet security technology and cloud-based services for vendors and service providers, increasing the value and profitability of our customers' solutions by protecting billions of Internet transactions on a daily basis. With 12 global data centers and award-winning, patented technology, Commtouch's email, Web, and antivirus capabilities easily integrate into our customers' products and solutions, keeping safe more than 350 million end users. To learn more, visit
