Spam in May: an education in fake notifications

TheSamaritan

Spam in May: an education in fake notifications

The percentage of spam inemail traffic in May averaged 69.8% – 1.3 percentage points less than theprevious month. May saw numerous mass mailings for schools and collegesoffering distance learning. Other spam mailings were more straightforward,simply inviting users to buy a qualification. All that was required was adonation to a church that would then officially award an honorary doctorate tothe benefactor.

There were alsomany offers to help struggling graduates repay their student loans. Themessages urged recipients to follow a link to a site where they would findadverts for organizations that recruit volunteers and staff for non-profitinstitutions. In the US it is possible to enroll in state programs that offercredits to people perform some kind of service for their community, and thesecredits can offset student loans. However, the mailings came from unknownsenders that regularly change their email addresses, and not from an officialsource. The links in the messages went to newly created websites that promptedusers to submit personal data.

In May, scammerssent out fake notifications on behalf of the popular iTunes Store. Therecipients were informed about the alleged purchase of an application; theemail even specified the name of the product and the price. The attached file,which was supposedly the invoice, in fact containedTrojan-Banker.Win32.Shiotob.f. This family of Trojans steals passwords storedin FTP clients and monitors browser traffic to intercept login details.

Phishing

Email searchsites (32.2%) topped the rating of organizations most frequently targeted byphishers this month. Second came Social networks (23.9%), headed by Facebook.Financial and payment organizations were in third place with 12.8% (+0.2percentage points) followed by online stores (12.1%) whose share also grew 0.2percentage points from April.

The UK was thecountry with the highest proportion of email antivirus detections with 13.5%.The US (9.9%) dropped to second, while Germany (8.2%) remained in third. Withregards to malicious attachments, five out of the 10 most popular maliciousprograms spread by email were representatives of the Bublik family. Their mainfunctionality is the unauthorized download and installation of new versions ofmalware onto victim computers.

“Spammers areconstantly thinking up new tricks or turning to old favorites to catch outtheir victims. It’s not just about advertising: ​​this month we came across anumber of mass mailings imitating official notifications from various servicesand companies. The attachments in these emails contained malware from theAndromeda family. This family consists of backdoors that allow attackers tosilently control infected computers, which often become part of a botnet. Ifyou don’t want to worry about these sorts of things, we recommend installing anInternet Security class protection solution,” commented Tatyana Shcherbakova,Senior Spam Analyst at Kaspersky Lab.

The full versionof the spam report for May 2014 is available at securelist.com.