Kaspersky Lab Reports: Great Britain was Target Number One for Spammers Sending Malicious Attachments in August
Kaspersky Lab has analyzed the evolution of spam in August. According to the company’s experts, the US ranks first among countries which are sources of spam distributed around the world, while the UK now leads the ranking based on the number of mail antivirus detections. August saw phishing activity increase almost 1.5 times with 32 million detections. Yahoo! was attacked so often (6.4%) that it displaced Windows Live as one of the top 3 organizations attacked by phishers, ranking next to Google and Facebook.
- The ranking of countries as sources of spam is led by the US with 16% (+0.7% from July), followed by Russia with 6% (+0.4%). China is in third position with 4.7% (-0.6%).
- In August, the UK was target number one for spammers sending malicious attachments. It had 13.2% of all detections, adding 6.3 percentage points in a month and pushing Germany (9.6%) and the US (7.7%) down to second and third positions, respectively.
- The average proportion of spam in mail traffic was 67.2%, which was just 0.2 percentage points higher than in the previous month. At the same time, August saw a 62% increase in the number of phishing attacks compared to July.
- Australia was the country most affected by phishing attacks – its share doubled to 24.4%. This pushed Brazil (19.5%) down to second position. The UK (15.2%), Canada (14.6%) and India (14.5%) came third, fourth and fifth, respectively.
- Google services (12.6%) remained in top position among organizations attacked by phishers. Facebook (10%) stayed in second place, while the Yahoo! search engine and services came third (6.4%).
Malicious court summons and more
In August, Kaspersky Lab experts detected malicious files distributed via mail traffic disguised as (fake) court summons. The messages informed recipients that they were summoned to a court as defendants and they needed to familiarize themselves with information in the attachment before the hearing started. The archive attached contained the Kuluoz Trojan designed to download and launch other malware.
Cybercriminals who distributed malicious attachments in spam messages again used fake Facebook notifications as a lure for users. According to the message text, the social network had been hacked, so the developers were asking users to install the utility attached in order to avoid problems in future. Instead of the promised utility, the ZIP archive attached to the message contained the Haze Trojan-Downloader, which is used by cybercriminals to download other malware, including code designed to steal personal data from the computer’s owner or send infected messages to all the addresses in the contact list.
The top 3 positions in August’s malware ranking were taken by Trojans, the top two of which – Redirector and Fraud – are HTML-pages. Redirector steers users to an infected site, where they are usually invited to download Binbot – a service for automatically trading in popular binary options. As for Fraud, it is used as a registration form for online banking services and sends stolen financial information to phishers. The third position is taken by the Upatre Trojan-Downloader. Malware in this family usually downloads a Trojan-Banker designed to attack financial institutions.
“In August, we recorded a significant 62% increase in the number of phishing attacks. This is probably due to a seasonal decline in the demand for advertising spam. To keep making money cybercriminals have switched to other types of spam, including phishing scams. By faking messages from well-known services, social networks or financial organizations, phishers significantly improve the chances of their spam being successful. To avoid becoming a victim, remember these simple rules: check the sender address and be particularly careful with messages containing attachments. It’s better to contact the company directly than trust an email and lose your personal data,” commented Tatyana Shcherbakova, Antispam Analyst at Kaspersky Lab.
The full text of the August report is available on the Securelist website.
This news content was configured by WebWire editorial staff. Linking is permitted.
News Release Distribution and Press Release Distribution Services Provided by WebWire.