10:16 AM
Dark Reading
Products and Releases

Trojans Now 70% Of All Malware, Report Says

Ads for Viagra & Co. account for 87 percent of all spam e-mail

Berlin – June 15, 2010 – Trojans comprise almost three-quarters of all malware sent by e-mail. At the same time, the volume of malware has climbed considerably since the beginning of the year. These findings are reported in the E-Mail Security Report June 2010 presented today by the leading German e-mail security specialist eleven. The vast majority of all spam e-mail (87 percent) is pharmaceutical-related. Germany continues to be among the top spam senders worldwide. In May, 2010, it was just behind the USA, which took the top spot.

The three most important trends at a glance:

• In May, 2010, eleven discovered the first spam e-mail containing multiple topics, such as a single e-mail advertising both pharmaceuticals and watches.

• Spam volumes remain at record levels. Spam e-mail accounted on average for 96.2 percent of the entire e-mail traffic in May, 2010.

• Of all malware sent by e-mail in April and May, 2010, Trojans accounted for 69 percent. For malware authors, the expansion of globally active botnets has become the most important activity.

• Since the beginning of the year, the monthly volume of malware spread via e-mail has increased more than fourfold. The share of malware e-mail increased from 0.01 to 0.1 percent of the total.

• While pharmaceutical- and casino-related spam had equal shares for a long time, pharmaceutical spam is now clearly dominant with 87 percent; the share of casino spam has fallen to three percent.

• Germany remains among the top spam senders. The USA is once again in the lead, while Brazil has fallen to fourth place.

Detailed results of the eleven E-Mail Security Report for June 2010

Spam volume

In May, 2010, spam comprised an average of 96.2 percent of total e-mail. “Clean” e-mail made up 2.3 percent, and legitimate mass mailings – such as newsletters – made up 0.8 percent. Total spam volume in May was slightly (approx. 10 percent) higher than in March, 2010.

Source countries

In April and May, 2010, spam distribution was spread much more uniformly among various countries than in the previous months, an indication that the proliferation of botnets is reaching more and more regions. Germany retained its top position among spam senders. With 7.8 percent of all spam e-mails, German IP addresses were only slightly behind the USA, with 8.0 percent. New in third place was India (7.3 percent), followed by Brazil, the previous leader, at 7.2 percent.

Spam topics

Pharmaceutical topics dominated the spam landscape more than they have in a long time. Where pharmaceutical ads accounted for 66 percent of all spam e-mail in March, their share reached 87 percent by May. In contrast, the share of casino spam, still suffering from the deactivation of several botnets in the first quarter of 2010, fell to only three percent. Second place now goes to offers for counterfeit luxury watches.

A novelty: spam e-mails combining two topics. For example, eleven found spam e-mail advertising pharmaceuticals as well as watches. It remains to be seen whether this development is an indication that spammers also need to cut costs.

Specifically German spam trends in May, 2010 include e-mail messages claiming to be from the Federal Labor Office, featuring ostensible job offers for couriers or test shoppers. The experts at eleven suspect that the goal of these mailings was to find people willing to make their bank accounts available for the transfer of funds from unknown sources, that is, for money laundering. Using the Federal Labor Office as the purported sender was intended to enhance the legitimacy of the offers, making it easier to lure recipients.


Of the malware distributed by e-mail in May, 2010, Trojans accounted for 70 percent. Malware e-mail increased its share of total e-mail volume from 0.01 to 0.1 percent compared with January, 2010. The average malware volume increased fourfold in the same period. In the opinion of the experts at eleven, this shows that the expansion of botnets has become the highest priority of the malware authors, and the buildout has increased considerably in intensity.

Above all, variants of the Sasfis Trojan experienced a comeback and occupied the top three places among harmful software distributed by e-mail. Top position went to TR/Crypt.ULPM.Gen, with a share of 40.77 percent of all malware e-mail, followed by HIDDENEXT/CryptedHIDDENEXT/Worm.Gen and HIDDENEXT/Worm.Gen;HIDDENEXT/Crypted. A common feature of all three was that they were largely distributed via delivery messages ostensibly from post and package services.


The most important phishing targets in May, 2010 were Google AdWords accounts and DHL Packstations. Of course the AdWords login link did not lead to the correct Google AdWords account, and the threats to deactivate the Packstation locker served only to spy out access data.

eleven E-Mail Security Report

Six times a year, the eleven E-Mail Security Report summarizes current figures and trends on the topics of spam and malware. The eleven research team analyses the spam and virus e-mail that is checked by eleven’s Managed E-Mail Security Services, summarizes the results and interprets them. eleven checks more than a billion e-mail messages daily and has a network of more than 30,000 installations around the world.

eleven – E-mail security "Made in Germany"

eleven is a leading e-mail security provider based in Germany. Its eXpurgate technology, which is unique worldwide, offers a spam filter and e-mail categorization service that protects the user reliably from spam and phishing, detects potentially dangerous e-mail and can distinguish between individual messages and any kind of mass e-mail. eXpurgate also offers numerous virus protection options and a powerful e-mail firewall.

Over 45,000 companies of all sizes use eXpurgate to check and categorize more than a billion e-mail messages every day. Customers include Internet service providers and telecommunication carriers such as T-Online, O2, Vodafone and freenet as well as many well-known companies and public institutions, including Air Berlin, the Federal Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, Mazda, RTL, ThyssenKrupp and Tobit Software AG. For more information, visit our website at: http://www.eleven.de.

Company contact:

eleven GmbH

Sascha Krieger

Hardenbergplatz 2

10623 Berlin

Tel.: +49 (0)30 / 52 00 56-0

E-mail: [email protected]

