Germany was just slightly behind Brazil on the list of source countries for spam, according to the E-Mail Security Report

April 26, 2010

5 Min Read


Berlin - More and more of the spam received by German companies also originated in Germany according to the E-Mail Security Report for April 2010 published today by eleven, the leading German e-mail security specialist. With 16.2 percent of all spam e-mails, Germany was just slightly behind Brazil (16.5 percent) on the list of source countries for spam. The spreading of malware was concentrated on short but massive waves, which swept over the recipients predominantly at the beginning of each month. Despite a slight decline of 12.6 percent as a result of the shutdown of three major botnets, spam continues to account for 96.2 percent of the entire e-mail volume.

The three most important trends at a glance: . Brazil took the top spot among spam senders again in March, followed by Germany. The previous leader USA dropped to third place. . In February and March, e-mail-based malware was spread predominantly in short waves, mostly during the first five days of each month. . Spam e-mails accounted on average for 96.2 percent of the entire e-mail traffic in March. . Casino spam dropped to almost nothing as a result of the botnet shutdowns. Instead, several pharmaceutical spam campaigns dominated the scene. . Event-related spam was clearly on the rise in February and March, dominated by current events like the earthquakes in Haiti and Chile as well as the introduction of the iPad in addition to seasonal events like Valentine's Day and St. Patrick's day.

Detailed results of the eleven E-Mail Security Report for April 2010

Spam development Spam accounted on average for 96.2 percent of the entire German e-mail volume in March of 2010. "Clean" e-mail messages accounted for 2.4 percent, while requested mass mailings (newsletters) accounted for 0.9 percent. E-mail messages transporting malware amounted to roughly 0.2 percent.

The entire spam volume was about 12.6 percent lower than in February. The reasons for the decline were the absence of huge spam peaks, which used to be caused predominantly by spam waves for gambling sites. Because of the complete or partial shutdown of three leading botnets, gambling spam dropped to almost nothing in March.

Source countries In terms of source countries, Germany accounted for a significant increase in the IP addresses of spam senders in February and March of this year. In March, for example, 16.2 percent of all spam messages received in Germany also originated in Germany, which ranked just behind the new leader Brazil (16.5 percent). The USA, which was the No. 1 source of spam in January, dropped to third place with 14.0 percent.

Spam campaigns Because of the absence of gambling spam waves, pharmaceutical spam expanded its leading position, accounting for 66 percent of all spam in March. Canadian pharmacy spam, which dominated the spam landscape particularly in the second half of 2009, experienced a comeback. With a share of 13.64 percent of the total spam volume, Canadian pharmacy spam took the top spot in spam mailings, followed by two new campaigns for erectile dysfunction drugs. The traffic for all three mailings was relatively even and did not exhibit any major peaks.

Event spam February and March also saw several spam and phishing waves related to current issues and events. Taking advantage of the earthquakes in Haiti and Chile, phishers tried to gain access to people's account data, and in connection with Valentine's Day and St. Patrick's Day there were renewed attempts to infect computers with malware (especially Trojans) that were linked to executable attachments often masquerading as e-cards. eleven also observed occasional spam mailings that were linked to the start of the Apple iPad.

Phishing In addition to Facebook and other social networks, banks accounted for more phishing attacks again. The eleven research team took a closer look at one campaign that targeted an internationally operating British bank: The e-mails contained a request to enter personal data such as the recipient's account number and PIN/TAN along with links to specially prepared Internet pages. These pages were "parked" in the domain of a German sports club, which the phishers had penetrated and which would easily pass all reputation-based Web filters. In most cases, such attempts take advantage of security gaps in popular open-source server software or content management systems. After the domain's hosting provider was notified, the compromised account was quickly closed.

Malware Malware saw a continuation of the trend toward very short but very intensive waves. What was noticeable in February and March was the fact that these waves occurred almost exclusively early in the month, in particularly between the 1st and the 5th of each month. The reason for this may be that the spammers try to "charge" the botnets at the start of each month in order to fill any gaps caused by shutdowns of individual networks or ISPs. That's also why once again Trojans, droppers and worms serving such purposes dominated. The leaders were WORM/NetSky.P, HIDDENEXT/Worm.Gen and TR/Dropper.Gen. The TR/Crypt.XPACK.Gen back-door Trojan was particularly active in February.

eleven E-Mail Security Report The eleven E-Mail Security Report summarizes the latest spam and malware trends and figures six times per year. The eleven research team analyzes the spam and virus e-mail that is checked by eleven's Managed E-Mail Security Services, summarizes the results, and interprets them. eleven checks more than a billion e-mail messages daily and has a network of more than 30,000 installations around the world.

eleven - E-mail security "Made in Germany" eleven is a leading e-mail security provider based in Germany. Its eXpurgate technology provides a unique spam filtering and e-mail categorization service that protects the user reliably from spam and phishing, detects potentially dangerous e-mails and is able to distinguish between individual messages and any kind of mass e-mail. eXpurgate also offers numerous virus protection options and a powerful e-mail firewall.

Our customers include Internet service providers and telecommunication carriers like T-Online, O2, Vodafone and freenet as well as many notable companies and public institutions, including Air Berlin, the Federal Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, Mazda, RTL and Tobit Software AG. For more information, visit

Company contact: eleven GmbH Sascha Krieger Hardenbergplatz 2

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights