
6/15/2010
10:16 AM
Dark Reading
Products and Releases

Trojans Now 70% Of All Malware, Report Says

Ads for Viagra & Co. account for 87 percent of all spam e-mail

Berlin – June 15, 2010 – Trojans comprise almost three-quarters of all malware sent by e-mail. At the same time, the volume of malware has climbed considerably since the beginning of the year. These findings are reported in the E-Mail Security Report June 2010 presented today by the leading German e-mail security specialist eleven. The vast majority of spam e-mail (87 percent) is pharmaceutical-related. Germany continues to be among the top spam senders worldwide. In May, 2010, it was just behind the USA, which took the top spot.

The three most important trends at a glance:

• In May, 2010, eleven discovered the first spam e-mail containing multiple topics, such as a single e-mail advertising both pharmaceuticals and watches.

• Spam volumes remain at record levels. Spam e-mail accounted on average for 96.2 percent of the entire e-mail traffic in May, 2010.

• Of all malware sent by e-mail in April and May, 2010, Trojans accounted for 69 percent. For malware authors, the expansion of globally active botnets has become the most important activity.

• Since the beginning of the year, the monthly volume of malware spread via e-mail has increased more than fourfold. The share of malware e-mail increased from 0.01 to 0.1 percent of the total.

• While pharmaceutical- and casino-related spam had equal shares for a long time, pharmaceutical spam is now clearly dominant with 87 percent; the share of casino spam has fallen to three percent.

• Germany remains among the top spam senders. The USA is once again in the lead, while Brazil has fallen to fourth place.

Detailed results of the eleven E-Mail Security Report for June 2010

Spam volume

In May, 2010, spam comprised an average of 96.2 percent of total e-mail. “Clean” e-mail made up 2.3 percent, and legitimate mass mailings – such as newsletters – made up 0.8 percent. Total spam volume in May was slightly (approx. 10 percent) higher than in March, 2010.

Source countries

In April and May, 2010, spam distribution was spread much more uniformly among various countries than in the previous months, an indication that the proliferation of botnets is reaching more and more regions. Germany retained its top position among spam senders. With 7.8 percent of all spam e-mails, German IP addresses were only slightly behind the USA, with 8.0 percent. New in third place was India (7.3 percent), followed by Brazil, the previous leader, at 7.2 percent.

Spam topics

Pharmaceutical topics dominated the spam landscape more than they have in a long time. Where pharmaceutical ads accounted for 66 percent of all spam e-mail in March, their share reached 87 percent by May. In contrast, the share of casino spam, still suffering from the deactivation of several botnets in the first quarter of 2010, fell to only three percent. Second place now goes to offers for counterfeit luxury watches.

A novelty: spam e-mails combining two topics. For example, eleven found spam e-mail advertising pharmaceuticals as well as watches. It remains to be seen whether this development is an indication that spammers also need to cut costs.

Specifically German spam trends in May, 2010 include e-mail messages claiming to be from the Federal Labor Office, featuring ostensible job offers for couriers or test shoppers. The experts at eleven suspect that the goal of these mailings was to find people willing to make their bank accounts available for the transfer of funds from unknown sources, that is, for money laundering. Using the Federal Labor Office as the purported sender was intended to enhance the legitimacy of the offers, making it easier to lure recipients.

Malware

Of the malware distributed by e-mail in May, 2010, Trojans accounted for 70 percent. Malware e-mail increased its share of total e-mail volume from 0.01 to 0.1 percent compared with January, 2010. The average malware volume increased fourfold in the same period. In the opinion of the experts at eleven, this shows that the expansion of botnets has become the highest priority of the malware authors, and the buildout has increased considerably in intensity.

Above all, variants of the Sasfis Trojan experienced a comeback and occupied the top three places among harmful software distributed by e-mail. Top position went to TR/Crypt.ULPM.Gen, with a share of 40.77 percent of all malware e-mail, followed by HIDDENEXT/CryptedHIDDENEXT/Worm.Gen and HIDDENEXT/Worm.Gen;HIDDENEXT/Crypted. A common feature of all three was that they were largely distributed via delivery messages ostensibly from post and package services.

Phishing

The most important phishing targets in May, 2010 were Google AdWords accounts and DHL Packstations. Of course, the AdWords login link did not lead to the correct Google AdWords account, and the threats to deactivate the Packstation locker served only to spy out access data.

eleven E-Mail Security Report

Six times a year, the eleven E-Mail Security Report summarizes current figures and trends on the topics of spam and malware. The eleven research team analyses the spam and virus e-mail that is checked by eleven’s Managed E-Mail Security Services, summarizes the results and interprets them. eleven checks more than a billion e-mail messages daily and has a network of more than 30,000 installations around the world.

eleven – E-mail security "Made in Germany"

eleven is a leading e-mail security provider based in Germany. Its eXpurgate technology, which is unique worldwide, offers a spam filter and e-mail categorization service that protects the user reliably from spam and phishing, detects potentially dangerous e-mail and can distinguish between individual messages and any kind of mass e-mail. eXpurgate also offers numerous virus protection options and a powerful e-mail firewall.

Over 45,000 companies of all sizes use eXpurgate to check and categorize more than a billion e-mail messages every day. Customers include Internet service providers and telecommunication carriers such as T-Online, O2, Vodafone and freenet as well as many well-known companies and public institutions, including Air Berlin, the Federal Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, Mazda, RTL, ThyssenKrupp and Tobit Software AG. For more information, visit our website at: http://www.eleven.de.

Company contact:

eleven GmbH

Sascha Krieger

Hardenbergplatz 2

10623 Berlin

Tel.: +49 (0)30 / 52 00 56-0

E-mail: [email protected]

http://www.eleven.de
