
03:52 PM
Dark Reading

October Spam: Santa, Scams And Sorcery

Trojan fraud remained the most popular malicious program spread via email, according to Kaspersky Lab's latest spam report

ABINGDON, England, November 22, 2013 /PRNewswire/ --

October saw spammers exploiting the themes of upcoming holidays, the names of well-known telecommunication service providers and the conflict in Syria, according to Kaspersky Lab's latest spam report [http://www.securelist.com/en/analysis/204792313/Spam_in_October_2013]. A rise of 6.6 percentage points in unsolicited and malicious emails took spam's share of global email traffic to 72.5% for the month.

Trojan fraud remained the most popular malicious program spread via email. This Trojan imitates a phishing HTML page and is distributed via email. It mimics notifications from major commercial banks, online shopping sites and various other online services. Once users land on the site, they are prompted to enter their credentials - which are immediately forwarded to the fraudsters, jeopardising the victims' confidential information.

Trojan Fareit, a malicious program designed to steal logins and passwords from compromised computers, came second in October's rating. Bagle climbed back to third place. Like most mail worms, Bagle self-proliferates to addresses in the victim's address book and can download other malicious programs onto a computer without the user's knowledge.

According to the report, fraudsters are also increasingly using the names of well-known telecoms companies to spread malicious programs. In September, they used BT Group's name [http://www.securelist.com/en/analysis/204792309/Spam_in_September_2013] to distribute the Trojan downloader Dofoil. In October, they targeted Canada's national telecom operator, Telus Mobility. An attached ZIP archive contained Trojan Zbot, a malicious program designed to steal users' banking information.

The fraudsters use rootkit technologies which allow them to successfully hide their executable files and processes from the system (but not from antivirus programs).

Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab, commented: "In most cases, spam mass mailings with malicious attachments target users' confidential data. The fraudsters are looking for new ways to trick users and are actively expanding their list of high-profile company names for use in scams. Users should be very careful with any email containing executable .exe attachments or ZIP archives. The contents of the email should also be taken into consideration. Whenever you are asked to open an attachment, you should be very careful, and at the very least scan the attachment with the help of an antivirus program."

In October, Kaspersky Lab also registered spam mailings offering some rather unusual services - love spells and incantations. Fraudsters were less creative when it came to festive spam, with the makers of Santa-shaped USB sticks and similar festive season goods seeming to have run out of ideas - spammers are mostly using the same designs as last year, having changed only the address in the 'From' field and added links to newly created redirection sites.

The situation in Syria is being actively exploited by spammers [http://www.securelist.com/en/blog/8137/Nigerian_letters_now_with_a_Syrian_twist] to spread "Nigerian letter" scams. In October, Kaspersky Lab continued to register new examples of fraudulent emails. For example, there was a mass mailing claiming to come from a female member of the "peacekeeping mission" in Syria who was hoping to form a serious relationship with the recipient of the email. At first glance, this seemed an innocent attempt to make friends, but once the scammers gained the victim's confidence, the "pen pal" immediately hit a problem which only a money transfer from their new friend could solve.

In terms of the geographical location of spam, Asia (56.4%) remained the leading regional spam source in October despite a slight drop (-2.4 percentage points) in spammer activity. North America came second after distributing 19% of global spam. Eastern Europe's share went up 3.8 percentage points, averaging 16%, and placing the region third in the rating.

The full version of the spam report for October 2013 is available at securelist.com [http://www.securelist.com/en/analysis/204792313/Spam_in_October_2013].

About Kaspersky Lab

Kaspersky Lab is the world's largest privately held vendor of endpoint protection solutions. The company is ranked among the world's top four vendors of security solutions for endpoint users*. Throughout its more than 16-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers.

Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at http://www.kaspersky.co.uk.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2012. The rating was published in the IDC report "Worldwide Endpoint Security 2013-2017 Forecast and 2012 Vendor Shares" (IDC #242618, August 2013). The report ranked software vendors according to earnings from sales of endpoint security solutions in 20
