Trojans Now 70% Of All Malware, Report Says

Ads for Viagra & Co. account for 87 percent of all spam e-mail

June 15, 2010

5 Min Read


Berlin – June 15, 2010 – Trojans comprise almost three-quarters of all malware sent by e-mail. At the same time, the volume of malware has climbed considerably since the beginning of the year. These findings are reported in the E-Mail Security Report June 2010 presented today by the leading German e-mail security specialist eleven. The vast majority (87 percent of all spam e-mail) of all spam e-mails is pharmaceutical-related. Germany continues to be among the top spam senders worldwide. In May, 2010, it was just behind the USA, which took the top spot.

The three most important trends at a glance:

• In May, 2010, eleven discovered the first spam e-mail containing multiple topics, such as a single e-mail advertising both pharmaceuticals and watches.

• Spam volumes remain at record levels. Spam e-mail accounted on average for 96.2 percent of the entire e-mail traffic in May, 2010.

• Of all malware sent by e-mail in April and May, 2010, Trojans accounted for 69 percent. For malware authors, the expansion of globally active botnets has become the most important activity.

• Since the beginning of the year, the monthly volume of malware spread via e-mail has increased more than fourfold. The share of malware e-mail increased from 0.01 to 0.1 percent of the total.

• While pharmaceutical- and casino-related spam had equal shares for a long time, pharmaceutical spam is now clearly dominant with 87 percent; the share of casino spam has fallen to three percent.

• Germany remains among the top spam senders. The USA is once again in the lead, while Brazil has fallen to fourth place.

Detailed results of the eleven E-Mail Security Report for June 2010

Spam volume

In May, 2010, spam comprised an average of 96.2 percent of total e-mail. “Clean” e-mail made up 2.3 percent, and legitimate mass mailings – such as newsletters – made up 0.8 percent. Total spam volume in May was slightly (approx. 10 percent) higher than in March, 2010.

Source countries

In April and May, 2010, spam distribution was spread much more uniformly among various countries than in the previous months. an indication that the proliferation of botnets is reaching more and more regions. Germany retained its top position among spam senders. With 7.8 percent of all spam e-mails, German IP addresses were only slightly behind the USA, with 8.0 percent. New in third place was India (7.3 percent), followed by Brazil, the previous leader, at 7.2 percent.

Spam topics

Pharmaceutical topics dominated the spam landscape more than they have in a long time. Where pharmaceutical ads accounted for 66 percent of all spam e-mail in March, their share reached 87 percent by May. In contrast, the share of casino spam, still suffering from the deactivation of several botnets in the first quarter of 2010, fell to only three percent. Second place now goes to offers for counterfeit luxury watches.

A new novelty: spam e-mails combining two topics. For example, eleven found spam e-mail advertising pharmaceuticals as well as watches. It remains to be seen whether this development is an indication that spammers also need to cut costs.

Specifically German spam trends in May, 2010 include e-mail messages claiming to be from the Federal Labor Office, featuring ostensible job offers for couriers or test shoppers. The experts at eleven suspect that the goal of these mailings was to find people willing to make their bank accounts available for the transfer of funds from unknown sources, that is, for money laundering. Using the Federal Labor Office as the purported sender was intended to enhance the legitimacy of the offers, making it easier to lure recipients.


Of the malware distributed by e-mail in May, 2010, Trojans accounted for 70 percent. Malware e-mail increased their share of total e-mail volume from 0.01 to 0.1 percent compared with January, 2010. The average malware volume increased fourfold in the same period. In the opinion of the experts at eleven, this shows that the expansion of botnets has become the highest priority of the malware authors, and the buildout has increased considerably in intensity.

Above all, variants of the Sasfis Trojan experienced a comeback and occupied the top three places among harmful software distributed by e-mail. Top position went to TR/Crypt.ULPM.Gen, with a share of 40.77 percent of all malware e-mail, followed by HIDDENEXT/CryptedHIDDENEXT/Worm.Gen and HIDDENEXT/Worm.Gen;HIDDENEXT/Crypted. A common feature of all three was that they were largely distributed via delivery messages ostensibly from post and package services.


The most important phishing targets in May, 2010 were Google AdWord accounts and DHL Packstations. Of course the AdWords login link did not lead to the correct Google AdWords account, and the threats to deactivate the Packstation locker served only to spy out access data.

eleven E-Mail Security Report

Six times a year, the eleven E-Mail Security Report summarizes current figures and trends on the topics of spam and malware. The eleven research team analyses the spam and virus e-mail that is checked by eleven’s Managed E-Mail Security Services, summarizes the results and interprets them. eleven checks more than a billion e-mail messages daily and has a network of more than 30,000 installations around the world.

eleven – E-mail security "Made in Germany"

eleven is a leading e-mail security provider based in Germany. Its eXpurgate technology, which is unique worldwide, offers a spam filter and e-mail categorization service that protects the user reliably from spam and phishing, detects potentially dangerous e-mail and can distinguish between individual messages and any kind of mass e-mail. eXpurgate also offers numerous virus protection options and a powerful e-mail firewall.

Over 45,000 companies of all sizes use eXpurgate to check and categorize more than a billion e-mail messages every day. Customers include Internet service providers and telecommunication carriers such as T-Online, O2, Vodafone and freenet as well as many well-known companies and public institutions, including Air Berlin, the Federal Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, Mazda, RTL, ThyssenKrupp and Tobit Software AG. For more information, visit our website at:

Company contact:

eleven GmbH

Sascha Krieger

Hardenbergplatz 2

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights