Kaspersky Lab

Spam in May: an Education in Fake Notifications

London (UK), July 2014 - The percentage of spam in email traffic in May averaged 69.8 per cent - 1.3 percentage points less than the previous month. May saw numerous mass mailings for schools and colleges offering distance learning; other spam mailings were more straightforward, simply inviting users to buy a qualification. All that was required was a donation to a church that would then officially award an honorary doctorate to the benefactor.

There were also many offers to help struggling graduates repay their student loans. The messages urged recipients to follow a link to a site where they would find adverts for organisations that recruit volunteers and staff for non-profit institutions. In the US it is possible to enroll in state programs that offer credits to people if they perform some kind of service for their community, and these credits can offset student loans. However, the mailings came from unknown senders who regularly change their email addresses, and not from an official source. The links in the messages went to newly created websites that prompted users to submit personal data.

Also in May, scammers sent out fake notifications on behalf of the popular iTunes Store. The recipients were informed about the alleged purchase of an application; the email even specified the name of the product and the price. The attached file, which was supposedly the invoice, in fact contained Trojan-Banker.Win32.Shiotob.f. This family of Trojans steals passwords stored in FTP clients and monitors browser traffic to intercept login details.

Phishing

Email search sites (32.2 per cent) topped the rating of organisations most frequently targeted by phishers this month. Second came social networks (23.9 per cent), headed by Facebook. Financial and payment organisations were in third place with 12.8 per cent (+0.2 percentage points), followed by online stores (12.1 per cent), whose share also grew 0.2 percentage points from April.

The UK had the highest proportion of email antivirus detections with 13.5 per cent. The US (9.9 per cent) dropped to second, while Germany (8.2 per cent) remained in third. With regard to malicious attachments, five out of the ten most popular malicious programs spread by email were representatives of the Bublik family. Their main functionality is the unauthorised download and installation of new versions of malware onto victim computers.

"Spammers are constantly thinking up new tricks or turning to old favourites to catch their victims. It's not just about advertising: this month we came across a number of mass mailings imitating official notifications from various services and companies. The attachments in these emails contained malware from the Andromeda family. This family consists of backdoors that allow attackers to silently control infected computers, which often become part of a botnet. If you don't want to worry about these sorts of things, we recommend installing an Internet Security-class protection solution," commented Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab.