After a lull of several months, spammers have stepped up activity in February. According to Kaspersky Lab data, the proportion of spam in email traffic grew by nearly 13 percentage points and averaged 71% for the month, higher than the average for January and the last three months of 2012.
Italy was the country targeted most by malicious emails in February. The country’s share of mail antivirus detections grew by 9.4 percentage points and averaged 14.4%, pushing long-term leader the US into 2nd place.
Fake notifications from different financial organisations remain one of the most popular tools for distributing malware via email. This trick was especially popular in Italy where the spammers most often utilised Trojan-Banker.HTML.Agent.p which came 2nd in February’s Top 10 malicious programmes spread via email.
This Trojan appears in the form of a HTML page imitating registration forms of well-known banks or e-pay systems which are used by phishers to steal users’ credentials for online banking systems.
One company name that is especially popular with the fraudsters is Google. In February, they launched a mass mailing that included the Google name notifying users that their resume was under consideration. To avoid any confusion, the recipient was encouraged to open the attached file to check their resume was correct. The attachment was a zip archive containing malware designed to steal passwords and other confidential data on the user’s computer.
There were major shifts in the geographical distribution of spam flows. In February, South Korea was the main source of spam sent to European users: the volume of junk email originating from that country grew 27.7 percentage points and averaged 50.9%. Last month’s leader China (3%) fell to 6th place in February with a considerable drop of 36.6 percentage points. Such significant changes in the share of spam produced by these two countries may be due to the fact that a group of spammers started distributing from a different botnet.
In February, the US topped the rating of the leading sources of spam worldwide. The amount of spam sent from China halved resulting in a drop to second place. As was the case in January, South Korea came third.
“Such a dramatic increase in the amount of spam in February hardly marks the beginning of a new trend. It was most probably caused by a decline in the share of junk email during the January holidays when many of the computers used in botnets to distribute spam were turned off. Moreover, the proportion of unsolicited messages in February was still slightly lower when compared with the average for the whole of 2012. In any case, we don’t expect any more dramatic changes in the near future,” said Darya Gudkova, Head of Content Analysis & Research, Kaspersky Lab.
“Of special concern right now is the fact that the majority of malicious attachments in spam are programmes designed to steal users’ credentials for online banking systems. They appear in the form of HTML pages imitating registration forms. Users should be especially careful with such emails and the attachments should not be opened; online banking pages should only be accessed via a browser.”