Kaspersky Lab: Beware of email attachments

Kaspersky Lab to open office in Rwanda
Kaspersky Lab’s solutions and services will be offered to all industries and for all kinds of businesses in Rwanda and the wider region.

Kaspersky LabEmail is a vital tool to not only businesses, but also when it comes to an individual’s personal content and messages. We often receive a multitude of emails each day; however, not all of them are as safe as we would like them to be.

In June 2014, Kaspersky Lab registered an increase in fraudulent messages sent out on behalf of booking services. These false notifications imitate hotel or air ticket booking confirmations and usually contain Trojan spyware masked as bills for reservations. US video game maker Electronic Arts was at the center of a major scam last month as phishers used fake notifications in an attempt to access users’ personal accounts in the company’s online store, Origin.

Also in the cross fire, the political events in Ukraine were again used by alleged “Nigerian” scams for luring money from credulous users. This time, the author of the email presented himself as a personal assistant to a Ukrainian female politician who was among the first victims of the clashes in Kiev. As is usual with these types of letter, the deceased has left her assistant millions of dollars that have to be urgently transferred from Ukraine to the account of a foreign recipient. The assistant is promised a reward and a certain amount of money to cover any fees that may arise when transferring the money.

As a rule, fraudulent messages imitating correspondence from booking services, contained the Ursnif Trojan that steals confidential data and sends it to a remote server. It can listen to network traffic, download and run other malicious programmes, as well as disable some system applications such as the firewall. The phishers who tried to access the personal accounts for Electronic Art’s Origin online store used the old trick of sending out an email saying the online store was enhancing account protection and asked the recipients to confirm they held an account.

June 2014 spam in figures:

– Percentage of spam in email traffic averaged 64.8%, which was 5% less than in May this year.
– Top three sources of spam around the world in June were the US (13.2%), Russia (7%) and China (5.6%).
– Germany saw a big surge in the number of antivirus detections, doubling the previous month’s share to 16.4% and removing the UK off top spot – the latter’s share halved to 7%. The US remained in second place on 9%.

Once again topping the list of malware spread by email was Trojan-Spy.HTML.Fraud.gen. This threat appears as an HTML phishing website and sends email disguised as an important notification from banks, online stores, and software developers. Trojan-Downloader.MSWord.Agent.z was in second place. This malicious programme is a *.doc file with embedded macros that downloads and runs other malicious programmes. In third place was a Trojan downloader from the Bublik family – it’s main functionality is the unauthorised download and installation of new versions of malware onto victim’s computers.

“In June, high-profile political and sporting events were used by scammers to trick users. In the run-up to the recent Soccer World Cup, a huge event for football fans, phishers were trying to obtain banking information from users by asking them to participate in the competition to win tickets. ‘Nigerian’ scammers again exploited the situation in Ukraine and asked for help to transfer non-existent millions,” commented Tatyana Shcherbakova, Anti-Spam Analyst at Kaspersky Lab.


Email search sites (32.1%) again topped the rating of organisations most frequently attacked, with a slight drop of 0.2% from the previous month. Second were Social networks (27.7%), with an increase of 3.7% compared to May. Financial and payment organisations (11.6%) and Online stores (10.6%) declined by 1.2 and 1.5% respectively. The proportion of attacks targeting Telephone and Internet service providers fell by 0.1 %, leaving this category in fifth place in the rating.

The full report is available at securelist.com.