According to the latest spam report from Kaspersky Lab, spam accounted for an average of 84.4% of the total volume of email traffic. One of the most significant events in the last quarter was an unprecedentedly large mass mailing that used HTML-based threats in the form of emails disguised as legitimate notifications from social networks.
An email was distributed that was made to look like a notification from social networks, email providers and popular websites such as Facebook, Twitter, Digg, Amazon, Windows Live, YouTube, Skype, and Wikipedia. These emails were very reminiscent of phishing attempts. However, if a user clicked on the link, they would be taken to a hacked site, from where a malicious script would then be downloaded.
A total of three Trojan downloaders were present in the Top 10 during the second quarter. Prior to the June attack, none of these email threats had ranked among the Top 10. This change clearly indicates a planned spam attack.
The USA went firmly into the lead this quarter with 15% of all spam emanating from there, while India remains a steady second place with 8.5%. Vietnam climbed two places to come in third in the chart. However, there was plenty of jockeying for position throughout the quarter. In April, the USA, India, and Vietnam were neck and neck with 12.3%, 11.7%, and 11.6% respectively, while in May, the USA unequivocally stepped into the lead with 20.8% of all spam. The share of spam coming from South Africa was no more than 0.35% of the global total.
Quite unexpectedly, Italy (3.3%) and Spain (2.8%) joined the Top 10 sources of spam. Last quarter, these countries were ranked a lowly 14th and 15th place respectively on the chart. Furthermore, the amount of unwanted correspondence originating in Latin America increased to 16.3% of the total spam content.
In addition to PayPal, eBay, and HSBC, the other top phishing targets included Facebook with 6.03% and the Google email system with 2.84%, according to Kaspersky.
The full version of the Q2, 2010 spam report is available at Kaspersky’s SecureList site.
Spam and spammed attacks << How do you deal with spam?