Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:43 PM
Dark Reading
Dark Reading
Products and Releases

Commtouch Q1 Internet Threats Trend Report Highlights Strong Increase In Spam And Dangerous Email

100 billion spam and 1 billion malware emails daily

MCLEAN, Virginia, May 1, 2013 /PRNewswire/ --

Unwanted and dangerous email increased dramatically in the first quarter of 2013, according to a Q1 Internet Threats Trend Report issued by Commtouch(R)

(NASDAQ: CTCH), a leading provider of Internet security technology and cloud-based services. During the first quarter of 2013, an average of 97.4 billion spam emails and 973 million malware emails were sent worldwide each day.

In March, the number of daily spam emails significantly exceeded the 100 billion mark (117.8 billion).

Spam levels doubled between December 2012 and March 2013, a 98% increase.

Phishing also increased dramatically, with the number of phishing emails swelling to more than 74% in March, compared to the previous December.

The largest increase, however, could be observed with email-borne malware:

levels of emails carrying known malware were 157% higher in March than in December. For virus outbreaks, the increase was a stunning 290%.

The biggest part of this growth occurred in March. Compared to February, spam levels increased by 41%, known malware by 75%, and virus outbreaks by 124%. Only phishing volumes broke the trend, as they only increased by eight percent in March. The current increase is unusual in that historically spam and malware levels rarely correspond. In the past, when one category increased, the other often decreased or at least stagnated. The significance of the first quarter growth is underlined by comparisons with the respective volumes in March 2012: In March 2013, spam levels were 48% higher than the previous year, malware emails were 255% higher, and malware outbreaks were 251% higher. Only phishing levels decreased since March 2012.

Other report highlights:

- Pump and dump spam, also known as penny stock spam, one of the most

popular topics among spammers between 2006 and 2008, made a forceful comeback in Q1

after having all but disappeared in previous years. In March 2013, pump and dump spam

dominated the list of spam topics. Eighteen percent of the top 25 spam emails (with a

combined volume of 46% of all spam) were pump and dump mailings. The trick was

the same as in previous years. The emails advertise cheap shares with very small

trading volumes, indicating there was significant earning potential in them. If only a

few recipients can be fooled into buying the stock, the value will rise significantly

and the spammers who have bought shares at the lower price can cash in.

- In Web security, the first quarter of 2013 saw extensive usage of the

Blackhole exploit kit. The kit is installed on target Web sites allowing the

installation of drive-by malware. The JavaScript on the page scans the visiting system

to determine the versions of popular software. Once the kit has determined that there

is vulnerability, the relevant exploit is loaded, allowing the controller to gain a

foothold on the infected system. The Blackhole controller can then deliver further

malicious content.

- Current news events were extensively used to lure email users to Web sites

infected with malware. Fake email news alerts allegedly coming from CNN or the BBC

exploited breaking news stories, such as the election of the new pope and the

financial crisis in Cyprus. They linked to Web sites carrying the Blackhole exploit


- The United States was the largest source of spam in the first quarter of 2013,

topping the list of spam senders with a share of 9.1 percent of the overall volume.

The United States was followed by Belarus (6.5%), Spain (5.6%), Argentina (5.0%) and

India (4.3%).

"The dramatic rise in the quantity of unwanted and dangerous emails during the first quarter of 2013 shows that email communication is still one of the key attack vectors," said Avi Turiel, director of threat research and market analysis at Commtouch. "Email is still the most popular communication tool for private users and businesses alike, making it an attractive target for cybercriminals. The rise in both emails with malware attachments and drive-by-attacks also indicates that malware distributors don't shift their focus from one attack vector to another. To the contrary, they diversify their attack methods in order to increase the efficiency of their campaigns and in order to bypass some anti-spam and antivirus measures."

The Commtouch Internet Threat Analysis Team regularly publishes related statistics within its report. The quarterly report is compiled based on a comprehensive analysis of billions of daily transactions handled by Commtouch's

GlobalView(TM) Cloud [http://www.commtouch.com/cloud ].

To view the Commtouch Q1 Internet Threats Trend Report, visit:


About Commtouch

Commtouch(R) (NASDAQ: CTCH) is a leading provider of Internet security technology and cloud-based services for vendors and service providers, increasing the value and profitability of our customer's solutions by protecting billions of Internet transactions on a daily basis. With 12 global data centers and award-winning, patented technology, Commtouch's email, Web, and antivirus capabilities easily integrate into our customers' products and solutions, keeping safe more than 350 million end users. To learn more, visit http://www.commtouch.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Cognitive Bias Can Hamper Security Decisions
Kelly Sheridan, Staff Editor, Dark Reading,  6/10/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-06-16
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.