07:43 PM
Dark Reading
Dark Reading
Products and Releases

Commtouch Q1 Internet Threats Trend Report Highlights Strong Increase In Spam And Dangerous Email

100 billion spam and 1 billion malware emails daily

MCLEAN, Virginia, May 1, 2013 /PRNewswire/ --

Unwanted and dangerous email increased dramatically in the first quarter of 2013, according to a Q1 Internet Threats Trend Report issued by Commtouch(R)

(NASDAQ: CTCH), a leading provider of Internet security technology and cloud-based services. During the first quarter of 2013, an average of 97.4 billion spam emails and 973 million malware emails were sent worldwide each day.

In March, the number of daily spam emails significantly exceeded the 100 billion mark (117.8 billion).

Spam levels doubled between December 2012 and March 2013, a 98% increase.

Phishing also increased dramatically, with the number of phishing emails swelling to more than 74% in March, compared to the previous December.

The largest increase, however, could be observed with email-borne malware:

levels of emails carrying known malware were 157% higher in March than in December. For virus outbreaks, the increase was a stunning 290%.

The biggest part of this growth occurred in March. Compared to February, spam levels increased by 41%, known malware by 75%, and virus outbreaks by 124%. Only phishing volumes broke the trend, as they only increased by eight percent in March. The current increase is unusual in that historically spam and malware levels rarely correspond. In the past, when one category increased, the other often decreased or at least stagnated. The significance of the first quarter growth is underlined by comparisons with the respective volumes in March 2012: In March 2013, spam levels were 48% higher than the previous year, malware emails were 255% higher, and malware outbreaks were 251% higher. Only phishing levels decreased since March 2012.

Other report highlights:

- Pump and dump spam, also known as penny stock spam, one of the most

popular topics among spammers between 2006 and 2008, made a forceful comeback in Q1

after having all but disappeared in previous years. In March 2013, pump and dump spam

dominated the list of spam topics. Eighteen percent of the top 25 spam emails (with a

combined volume of 46% of all spam) were pump and dump mailings. The trick was

the same as in previous years. The emails advertise cheap shares with very small

trading volumes, indicating there was significant earning potential in them. If only a

few recipients can be fooled into buying the stock, the value will rise significantly

and the spammers who have bought shares at the lower price can cash in.

- In Web security, the first quarter of 2013 saw extensive usage of the

Blackhole exploit kit. The kit is installed on target Web sites allowing the

installation of drive-by malware. The JavaScript on the page scans the visiting system

to determine the versions of popular software. Once the kit has determined that there

is vulnerability, the relevant exploit is loaded, allowing the controller to gain a

foothold on the infected system. The Blackhole controller can then deliver further

malicious content.

- Current news events were extensively used to lure email users to Web sites

infected with malware. Fake email news alerts allegedly coming from CNN or the BBC

exploited breaking news stories, such as the election of the new pope and the

financial crisis in Cyprus. They linked to Web sites carrying the Blackhole exploit


- The United States was the largest source of spam in the first quarter of 2013,

topping the list of spam senders with a share of 9.1 percent of the overall volume.

The United States was followed by Belarus (6.5%), Spain (5.6%), Argentina (5.0%) and

India (4.3%).

"The dramatic rise in the quantity of unwanted and dangerous emails during the first quarter of 2013 shows that email communication is still one of the key attack vectors," said Avi Turiel, director of threat research and market analysis at Commtouch. "Email is still the most popular communication tool for private users and businesses alike, making it an attractive target for cybercriminals. The rise in both emails with malware attachments and drive-by-attacks also indicates that malware distributors don't shift their focus from one attack vector to another. To the contrary, they diversify their attack methods in order to increase the efficiency of their campaigns and in order to bypass some anti-spam and antivirus measures."

The Commtouch Internet Threat Analysis Team regularly publishes related statistics within its report. The quarterly report is compiled based on a comprehensive analysis of billions of daily transactions handled by Commtouch's

GlobalView(TM) Cloud [http://www.commtouch.com/cloud ].

To view the Commtouch Q1 Internet Threats Trend Report, visit:


About Commtouch

Commtouch(R) (NASDAQ: CTCH) is a leading provider of Internet security technology and cloud-based services for vendors and service providers, increasing the value and profitability of our customer's solutions by protecting billions of Internet transactions on a daily basis. With 12 global data centers and award-winning, patented technology, Commtouch's email, Web, and antivirus capabilities easily integrate into our customers' products and solutions, keeping safe more than 350 million end users. To learn more, visit http://www.commtouch.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
New Mirai Version Targets Business IoT Devices
Dark Reading Staff 3/19/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Reading Schneier's Friday Squid Blog again?
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version that could allow a malicious user with local access to execute code with administrative privileges.
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.