Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

03:07 PM
Dark Reading
Dark Reading
Products and Releases

PandaLabs: 89.88% Of Email Was Spam In '08

Sexual performance enhancers and pharmaceuticals were the most common subjects used by spam in 2008

GLENDALE, Calif., Jan. 28, 2009 " PandaLabs, Panda Security's malware analysis and detection today revealed the results from its analysis on 430 million email messages from 2008 and discovered that only 8.4 percent of messages that reached companies were legitimate. Some 89.88 percent of messages were spam, while 1.11 percent were infected with some type of malware. This data has been compiled after the analysis by TrustLayer Mail, the clean mail managed service from Panda Security.

% spam %infected % dangerous % suspicious Clean mail January 76.27 1.84 0.59 0.64 20.66 February 87.83 3.08 0.46 0.62 8.01 March 86.51 1.32 0.45 0.53 11.19 April 94.75 0.88 0.12 0.12 4.13 May 94.71 0.97 0.03 0.07 4.22 June 93.35 0.87 0.01 0.16 5.61 July 90.43 0.98 0.11 0.55 7.93 August 93.01 0.99 1.27 0.18 4.55 September 91.89 2.34 0.19 0.19 5.39 October 90.04 1.92 0.08 0.19 7.77 November 88.36 2.06 0.1 0.33 9.15 December 91.48 1.08 0.05 0.26 7.13 Average 89.88 1.11 0.28 0.32 8.41

Only January 2008 witnessed levels of spam below 80 percent. The amount of spam fluctuated throughout the year, peaking in the second quarter at 94.27 percent of all mail reaching companies.

With respect to infected messages in 2008, the Netsky.P worm was the most frequently detected malicious code. This type of malware activates automatically when users view the infected message through the Microsoft Office Outlook preview pane. It does this by exploiting a vulnerability in Internet Explorer that allows automatic execution of email attachments. The exploit of this vulnerability was detected by PandaLabs as Exploit/iFrame and was the third most frequently detected type of malware in emails by TrustLayer Mail.

"The fact that these two malicious codes often act in unison explains the high number of detections of both," said Luis Corrons, Technical Director of PandaLabs. "Cyber crooks often launch several strains of malware with each exploit to increase the chances of infection, so even if users whose systems are up-to-date are immune to the exploit, they could still fall victim to infection by the worm if they run the attachment."

The Rukap.G backdoor Trojan, designed to allow attackers to take control of a computer, and the Dadobra.Bl Trojan were also among the most prevalent malicious code.

Top Malware in email Netsky.P.worm Bck/Rukap.G Exploit/iFrame Trj/Dadobra.BL Generic Malware Trj/Downloader.PSJ Trj/SpamtaLoad.DO Trj/Downloader.PWR Bck/Haxdoor.PL Trj/Spamtaload.DZ

"For companies, spam is more than just a nuisance. It consumes bandwidth, wastes employees' time and can even cause system malfunctions. In the end, it all results in a loss of productivity," adds Luis Corrons.

Much of this spam was circulated by the extensive network of zombie computers controlled by cyber-crooks. A zombie is a computer infected by a bot, a type of malware allowing cyber criminals to control infected systems. Frequently, these computers are used as a network to drive malicious actions such as the sending of spam. Just in the last three months of the year, 301,000 zombie computers were being put into action every day.

Spam subjects in 2008

With respect to the different types of spam in circulation, 32.25 percent of spam in 2008 was related to pharmaceutical products with sexual performance enhancers accounting for 20.5 percent.

Spam relating to the economic situation also grew significantly throughout 2008. False job offers and fraudulent diplomas accounted for 2.75 percent of all junk mail in the year, while messages promoting mortgages and fake loans were responsible for 4.75 percent.

Spam promoting fake brand products, such a swatches, was responsible for 16.75 percent of the total. This last category nevertheless, dropped from 21 percent in the first half of the year to 12.5 percent in the last six months. To view an entire breakdown of the variety of spam subjects that PandaLabs discovered, please access the data here: http://www.flickr.com/photos/panda_security/3234535186/

About PandaLabs Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions. Currently, 94 percent of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), working 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients. More information is available in the PandaLabs blog: http://www.pandalabs.com and the Panda Security website: www.pandasecurity.com/usa.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-03-04
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a com...
PUBLISHED: 2021-03-04
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information dis...
PUBLISHED: 2021-03-03
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive info...
PUBLISHED: 2021-03-03
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen...