
10:16 AM
Dark Reading
Products and Releases

Trojans Now 70% Of All Malware, Report Says

Ads for Viagra & Co. account for 87 percent of all spam e-mail

Berlin – June 15, 2010 – Trojans comprise almost three-quarters of all malware sent by e-mail. At the same time, the volume of malware has climbed considerably since the beginning of the year. These findings are reported in the E-Mail Security Report June 2010 presented today by the leading German e-mail security specialist eleven. The vast majority of all spam e-mail (87 percent) is pharmaceutical-related. Germany continues to be among the top spam senders worldwide. In May, 2010, it was just behind the USA, which took the top spot.

The three most important trends at a glance:

• In May, 2010, eleven discovered the first spam e-mail containing multiple topics, such as a single e-mail advertising both pharmaceuticals and watches.

• Spam volumes remain at record levels. Spam e-mail accounted on average for 96.2 percent of the entire e-mail traffic in May, 2010.

• Of all malware sent by e-mail in April and May, 2010, Trojans accounted for 69 percent. For malware authors, the expansion of globally active botnets has become the most important activity.

• Since the beginning of the year, the monthly volume of malware spread via e-mail has increased more than fourfold. The share of malware e-mail increased from 0.01 to 0.1 percent of the total.

• While pharmaceutical- and casino-related spam had equal shares for a long time, pharmaceutical spam is now clearly dominant with 87 percent; the share of casino spam has fallen to three percent.

• Germany remains among the top spam senders. The USA is once again in the lead, while Brazil has fallen to fourth place.

Detailed results of the eleven E-Mail Security Report for June 2010

Spam volume

In May, 2010, spam comprised an average of 96.2 percent of total e-mail. “Clean” e-mail made up 2.3 percent, and legitimate mass mailings – such as newsletters – made up 0.8 percent. Total spam volume in May was slightly (approx. 10 percent) higher than in March, 2010.

Source countries

In April and May, 2010, spam distribution was spread much more uniformly among various countries than in the previous months, an indication that the proliferation of botnets is reaching more and more regions. Germany retained its top position among spam senders. With 7.8 percent of all spam e-mails, German IP addresses were only slightly behind the USA, with 8.0 percent. New in third place was India (7.3 percent), followed by Brazil, the previous leader, at 7.2 percent.

Spam topics

Pharmaceutical topics dominated the spam landscape more than they have in a long time. Where pharmaceutical ads accounted for 66 percent of all spam e-mail in March, their share reached 87 percent by May. In contrast, the share of casino spam, still suffering from the deactivation of several botnets in the first quarter of 2010, fell to only three percent. Second place now goes to offers for counterfeit luxury watches.

A novelty: spam e-mails combining two topics. For example, eleven found spam e-mail advertising pharmaceuticals as well as watches. It remains to be seen whether this development is an indication that spammers also need to cut costs.

Specifically German spam trends in May, 2010 include e-mail messages claiming to be from the Federal Labor Office, featuring ostensible job offers for couriers or test shoppers. The experts at eleven suspect that the goal of these mailings was to find people willing to make their bank accounts available for the transfer of funds from unknown sources, that is, for money laundering. Using the Federal Labor Office as the purported sender was intended to enhance the legitimacy of the offers, making it easier to lure recipients.


Of the malware distributed by e-mail in May, 2010, Trojans accounted for 70 percent. Malware e-mails increased their share of total e-mail volume from 0.01 to 0.1 percent compared with January, 2010. The average malware volume increased fourfold in the same period. In the opinion of the experts at eleven, this shows that the expansion of botnets has become the highest priority of the malware authors, and the buildout has increased considerably in intensity.

Above all, variants of the Sasfis Trojan experienced a comeback and occupied the top three places among harmful software distributed by e-mail. Top position went to TR/Crypt.ULPM.Gen, with a share of 40.77 percent of all malware e-mail, followed by HIDDENEXT/CryptedHIDDENEXT/Worm.Gen and HIDDENEXT/Worm.Gen;HIDDENEXT/Crypted. A common feature of all three was that they were largely distributed via delivery messages ostensibly from post and package services.


The most important phishing targets in May, 2010 were Google AdWords accounts and DHL Packstations. Of course the AdWords login link did not lead to the correct Google AdWords account, and the threats to deactivate the Packstation locker served only to spy out access data.

eleven E-Mail Security Report

Six times a year, the eleven E-Mail Security Report summarizes current figures and trends on the topics of spam and malware. The eleven research team analyses the spam and virus e-mail that is checked by eleven’s Managed E-Mail Security Services, summarizes the results and interprets them. eleven checks more than a billion e-mail messages daily and has a network of more than 30,000 installations around the world.

eleven – E-mail security "Made in Germany"

eleven is a leading e-mail security provider based in Germany. Its eXpurgate technology, which is unique worldwide, offers a spam filter and e-mail categorization service that protects the user reliably from spam and phishing, detects potentially dangerous e-mail and can distinguish between individual messages and any kind of mass e-mail. eXpurgate also offers numerous virus protection options and a powerful e-mail firewall.

Over 45,000 companies of all sizes use eXpurgate to check and categorize more than a billion e-mail messages every day. Customers include Internet service providers and telecommunication carriers such as T-Online, O2, Vodafone and freenet as well as many well-known companies and public institutions, including Air Berlin, the Federal Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, Mazda, RTL, ThyssenKrupp and Tobit Software AG. For more information, visit our website at: http://www.eleven.de.

Company contact:

eleven GmbH

Sascha Krieger

Hardenbergplatz 2

10623 Berlin

Tel.: +49 (0)30 / 52 00 56-0

E-mail: [email protected]

