Cybercriminals embrace the recession and romance while targeted trojans try new fake header techniques

February 24, 2009

CUPERTINO, Calif. - February 24, 2009 - Symantec Corp. (Nasdaq: SYMC) today announced the publication of its February 2009 MessageLabs Intelligence Report. Analysis highlights that although spam declined by 1.3 percent to 73.3 percent of all emails in February, levels as high as 79.5 percent were experienced at the start of the month due to a spike in botnet activity and spammers leveraging the financial crisis and Valentine's Day for their latest spam antics.

"February saw the spammers pulling at both the heart and the purse strings with the emphasis on Valentine's Day and the global recession. Although spam levels declined slightly this month, the level of activity around Valentine's themed spam reached unprecedented highs accounting for nine percent of all spam messages," said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. "With the financial crisis front of mind for many organizations and consumers, spammers and phishers are using this topic to their advantage and targeting people when times are tough."

For the first time in more than a year, February saw the re-appearance of search engine re-directs which topically referenced the financial crisis. The 'recession spam' email messages contained text such as "Money is tight, times are hard. Christmas is over. Time to get a new watch!" The phishing community also used the current financial climate to their advantage; at a time when concerned consumers may not be surprised to hear from their banks, phishing attacks have risen to one in 190.4 emails, from one in 396.2 in January 2009. Since the beginning of February, the proportion of Valentine's Day themed spam rose from two percent to more than nine percent, with the vast majority of this type of spam, almost seven percent, originating from the Cutwail (Pandex) botnet. Currently the largest botnet, Cutwail dedicated approximately 90 percent of its output to Valentine's Day messages, estimated at seven billion each day.

Finally, MessageLabs Intelligence intercepted a new technique involving forged headers on targeted Trojan attacks. Added to an email as it is passed between two mail servers, headers act as a vapour trail so that the path of that email can be tracked. With many attackers not bothering to include headers as a means of falsely authenticating their emails, the use of real-world examples in the most recent attempts made the email stand out as being suspicious.

Other report highlights:

Web security: Analysis of Web security activity shows that 26.1 percent of all web-based malware intercepted was new in February. MessageLabs Intelligence also identified an average of 941 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 22.1 percent since January.

Spam: In February 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 73.3 percent (1 in 1.36 emails), a decrease of 1.3 percent since January.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 304.9 emails (0.33 percent), a decrease of 0.06 percent since January. In February, 3.7 percent of email-borne malware contained links to malicious sites, a decrease of 7.6 percent since January.

Phishing: One in 190.4 (0.53 percent) emails comprised some form of phishing attack, rising significantly since January 2009 levels of one in 396.2 emails. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had decreased by 3.4 percent to 61.6 percent of all email-borne malware threats intercepted in February.

Geographical Trends: Spam levels in France fell by 9.2 percent in February; however, France retained its position as the most spammed country with levels reaching 74.6 percent of all email. All countries received a slight reprieve from spam this month with spam levels in the US falling to 57 percent, 52.6 percent in Canada and 66.6 percent in the UK. Germany's spam rate reached 69.1 percent and 67.4 percent in the Netherlands. Spam levels in Australia were 68.5 percent, 72.8 percent in Hong Kong, 67.8 percent in China and 65.6 percent in Japan. Virus activity in India rose by 0.16 percent to 1 in 197.4 emails, placing it in the top position for viruses. Virus levels for the UK were 1 in 213.3, 1 in 424.5 for the US, 1 in 217.1 for Canada and 1 in 573.8 for Australia. Virus levels for Germany were 1 in 203.6 and in Japan they reached 1 in 450.8.

Vertical Trends: In February, the most spammed industry sector with a spam rate of 67.9 percent was the Education sector. Chemical and Pharmaceutical sector spam levels reached 59.8 percent, 63.3 percent for Retail, 62.5 percent for Public Sector and 58.9 percent for Finance. Virus activity in the Accommodation & Catering sector rose by 0.42 percent, taking the vertical to the top of the table with 1 in 95.5 emails being infected. Virus levels for the IT Services sector were 1 in 347.5, 1 in 356.4 for Retail and 1 in 505.5 for Finance.

The February 2009 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at

Symantec's MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at
