Kaspersky Lab has analyzed the evolution of spam in August. According to the company’s experts, the US ranks first among countries which are sources of spam distributed around the world, while the UK now leads the ranking based on the number of mail antivirus detections. August saw phishing activity increase almost 1.5 times with 32 million detections. Yahoo! was attacked so often (6.4%) that it displaced Windows Live as one of the top 3 organizations attacked by phishers, ranking next to Google and Facebook.
In August, Kaspersky Lab experts detected malicious files distributed via mail traffic disguised as (fake) court summons. The messages informed recipients that they were summoned to a court as defendants and they needed to familiarize themselves with information in the attachment before the hearing started. The archive attached contained the Kuluoz Trojan designed to download and launch other malware.
Cybercriminals who distributed malicious attachments in spam messages again used fake Facebook notifications as a lure for users. According to the message text, the social network had been hacked, so the developers were asking users to install the utility attached in order to avoid problems in future. Instead of the promised utility, the ZIP archive attached to the message contained the Haze Trojan-Downloader, which is used by cybercriminals to download other malware, including code designed to steal personal data from the computer’s owner or send infected messages to all the addresses in the contact list.
The top 3 positions in August’s malware ranking were taken by Trojans, the top two of which – Redirector and Fraud – are HTML-pages. Redirector steers users to an infected site, where they are usually invited to download Binbot – a service for automatically trading in popular binary options. As for Fraud, it is used as a registration form for online banking services and sends stolen financial information to phishers. The third position is taken by the Upatre Trojan-Downloader. Malware in this family usually downloads a Trojan-Banker designed to attack financial institutions.
"In August, we recorded a significant 62% increase in the number of phishing attacks. This is probably due to a seasonal decline in the demand for advertising spam. To keep making money cybercriminals have switched to other types of spam, including phishing scams. By faking messages from well-known services, social networks or financial organizations, phishers significantly improve the chances of their spam being successful. To avoid becoming a victim, remember these simple rules: check the sender address and be particularly careful with messages containing attachments. It’s better to contact the company directly than trust an email and lose your personal data," commented Tatyana Shcherbakova, Antispam Analyst at Kaspersky Lab.
The full text of the August report is available on the Securelist website.