
10:16 AM
Dark Reading
Products and Releases

Trojans Now 70% Of All Malware, Report Says

Ads for Viagra & Co. account for 87 percent of all spam e-mail

Berlin – June 15, 2010 – Trojans comprise almost three-quarters of all malware sent by e-mail. At the same time, the volume of malware has climbed considerably since the beginning of the year. These findings are reported in the E-Mail Security Report June 2010 presented today by the leading German e-mail security specialist eleven. The vast majority of all spam e-mail (87 percent) is pharmaceutical-related. Germany continues to be among the top spam senders worldwide. In May, 2010, it was just behind the USA, which took the top spot.

The three most important trends at a glance:

• In May, 2010, eleven discovered the first spam e-mail containing multiple topics, such as a single e-mail advertising both pharmaceuticals and watches.

• Spam volumes remain at record levels. Spam e-mail accounted on average for 96.2 percent of the entire e-mail traffic in May, 2010.

• Of all malware sent by e-mail in April and May, 2010, Trojans accounted for 69 percent. For malware authors, the expansion of globally active botnets has become the most important activity.

• Since the beginning of the year, the monthly volume of malware spread via e-mail has increased more than fourfold. The share of malware e-mail increased from 0.01 to 0.1 percent of the total.

• While pharmaceutical- and casino-related spam had equal shares for a long time, pharmaceutical spam is now clearly dominant with 87 percent; the share of casino spam has fallen to three percent.

• Germany remains among the top spam senders. The USA is once again in the lead, while Brazil has fallen to fourth place.

Detailed results of the eleven E-Mail Security Report for June 2010

Spam volume

In May, 2010, spam comprised an average of 96.2 percent of total e-mail. “Clean” e-mail made up 2.3 percent, and legitimate mass mailings – such as newsletters – made up 0.8 percent. Total spam volume in May was slightly (approx. 10 percent) higher than in March, 2010.

Source countries

In April and May, 2010, spam distribution was spread much more uniformly among various countries than in the previous months, an indication that the proliferation of botnets is reaching more and more regions. Germany retained its top position among spam senders. With 7.8 percent of all spam e-mails, German IP addresses were only slightly behind the USA, with 8.0 percent. New in third place was India (7.3 percent), followed by Brazil, the previous leader, at 7.2 percent.

Spam topics

Pharmaceutical topics dominated the spam landscape more than they have in a long time. Where pharmaceutical ads accounted for 66 percent of all spam e-mail in March, their share reached 87 percent by May. In contrast, the share of casino spam, still suffering from the deactivation of several botnets in the first quarter of 2010, fell to only three percent. Second place now goes to offers for counterfeit luxury watches.

A novelty: spam e-mails combining two topics. For example, eleven found spam e-mail advertising pharmaceuticals as well as watches. It remains to be seen whether this development is an indication that spammers also need to cut costs.

Specifically German spam trends in May, 2010 include e-mail messages claiming to be from the Federal Labor Office, featuring ostensible job offers for couriers or test shoppers. The experts at eleven suspect that the goal of these mailings was to find people willing to make their bank accounts available for the transfer of funds from unknown sources, that is, for money laundering. Using the Federal Labor Office as the purported sender was intended to enhance the legitimacy of the offers, making it easier to lure recipients.


Of the malware distributed by e-mail in May, 2010, Trojans accounted for 70 percent. Malware e-mails increased their share of total e-mail volume from 0.01 to 0.1 percent compared with January, 2010. The average malware volume increased fourfold in the same period. In the opinion of the experts at eleven, this shows that the expansion of botnets has become the highest priority of the malware authors, and the buildout has increased considerably in intensity.

Above all, variants of the Sasfis Trojan experienced a comeback and occupied the top three places among harmful software distributed by e-mail. Top position went to TR/Crypt.ULPM.Gen, with a share of 40.77 percent of all malware e-mail, followed by HIDDENEXT/CryptedHIDDENEXT/Worm.Gen and HIDDENEXT/Worm.Gen;HIDDENEXT/Crypted. A common feature of all three was that they were largely distributed via delivery messages ostensibly from post and package services.


The most important phishing targets in May, 2010 were Google AdWords accounts and DHL Packstations. Of course, the AdWords login link did not lead to the correct Google AdWords account, and the threats to deactivate the Packstation locker served only to spy out access data.

eleven E-Mail Security Report

Six times a year, the eleven E-Mail Security Report summarizes current figures and trends on the topics of spam and malware. The eleven research team analyses the spam and virus e-mail that is checked by eleven’s Managed E-Mail Security Services, summarizes the results and interprets them. eleven checks more than a billion e-mail messages daily and has a network of more than 30,000 installations around the world.

eleven – E-mail security "Made in Germany"

eleven is a leading e-mail security provider based in Germany. Its eXpurgate technology, which is unique worldwide, offers a spam filter and e-mail categorization service that protects the user reliably from spam and phishing, detects potentially dangerous e-mail and can distinguish between individual messages and any kind of mass e-mail. eXpurgate also offers numerous virus protection options and a powerful e-mail firewall.

Over 45,000 companies of all sizes use eXpurgate to check and categorize more than a billion e-mail messages every day. Customers include Internet service providers and telecommunication carriers such as T-Online, O2, Vodafone and freenet as well as many well-known companies and public institutions, including Air Berlin, the Federal Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, Mazda, RTL, ThyssenKrupp and Tobit Software AG. For more information, visit our website at: http://www.eleven.de.

Company contact:

eleven GmbH

Sascha Krieger

Hardenbergplatz 2

10623 Berlin

Tel.: +49 (0)30 / 52 00 56-0

E-mail: [email protected]

