Symantec today announced the findings of its January Symantec.cloud Intelligence Report, which shows that spammers are using holidays and major events to make their mail more appealing.
Symantec Intelligence has seen more than 10 000 unique domain names compromised with a redirect script written in PHP that contains a reference to the New Year in the file name. These redirect scripts were hosted on compromised Web sites and links to these were included in spam e-mails, which were subsequently blocked by Symantec.cloud.
To further entice recipients to open their messages, spammers used additional social engineering techniques by including parameters in the URL to suggest that the destination is a social networking site.
Symantec Intelligence expects to see spammers taking advantage of other “calendar events” like the Chinese New Year celebrations, which ended on the night of 4 February, and Valentine's Day, which was on 14 February.“We also expect to see plenty of spam and malware taking advantage of some of the major upcoming sporting events this year. We are already seeing references to the Summer Olympics in London (27 July to 12 August) as part of 419 or advance fee fraud messages,” said Mark Smissen, Business Development Manager, Symantec.cloud.
“By relating their mails to widely-celebrated holidays and current events with global interest, spammers and malware authors can (at first glance, at least) make their messages more interesting, and increase the chance of recipients visiting spam Web sites or becoming infected,” Smissen said.
During December, global spam levels dropped, but in January gradually returned to similar levels as in November 2011, which is still lower than the 2011 average. There was an overall decrease in phishing numbers globally and January saw South Africa finally dropping out of the top five countries.
January 2012 highlights:
Spam: The global ratio of spam rose by 1.3% since December, bringing it to 69.0% (one in 1.45 e-mails). This follows a noticeable drop in December, when spam fell to 67.7%. The recent increase means spam has almost returned to the same level as in November 2011.
Spam accounted for 69.5% of e-mail traffic in South Africa.
Phishing: The global phishing rate increased by 0.06 percentage points, taking the average to one in 370.0 e-mails that comprised some form of phishing attack.
E-mail-borne threats: The global ratio of e-mail-borne viruses was one in 295.0 e-mails, a decrease of 0.02 percentage points since December 2011. Twenty-nine percent of e-mail-borne malware contained links to malicious Web sites, unchanged since December 2011.
In South Africa, one in 305.9 e-mails was blocked as malicious.
Web-based malware threats: January saw an average of 2 102 Web sites each day harbouring malware and other potentially unwanted programs including spyware and adware; a decrease of 77.4% since December 2011.
Endpoint threats: The most frequently blocked malware for January was WS.Trojan.H. WS.Trojan.H is generic cloud-based heuristic detection for files that posses characteristics of an as yet unclassified threat. Files detected by this heuristic are deemed by Symantec to pose a risk to users and are therefore blocked from accessing the computer.
January 2012 geographical trends:
* Saudi Arabia became the most spammed geography with a spam rate of 75.5%.
* China was the second most-spammed with 75.0% of e-mail traffic blocked.
* In the US, 69.0% of e-mail was spam and 68.7% in Canada.
* The spam level in the UK was 69.3%.
* In The Netherlands, spam accounted for 70.7% of e-mail traffic, 68.2% in Germany, 69.1% in Denmark and 68.6% in Australia.
* In Hong Kong, 67.5% of e-mail was blocked as spam and 66.7% in Singapore, compared with 65.6% in Japan.
* Spam accounted for 69.5% of e-mail traffic in South Africa and 73.1% in Brazil.
* The Netherlands became the country most targeted for phishing attacks with one in 62.6 e-mails identified.
* The UK was the second most-targeted country, with one in 179.4 e-mails identified as phishing attacks.
* Phishing levels for the US were one in 1 145 and one in 379.9 for Canada.
* In Germany, phishing levels were one in 797.6, one in 330.9 in Denmark.
* In Australia, phishing activity accounted for one in 542.2 e-mails and one in 942.9 in Hong Kong; for Japan it was one in 5 692 and one in 1 156 for Singapore.
* In Brazil, one in 1 007 e-mails was blocked as phishing.
* The Netherlands had the highest ratio of malicious e-mails in January, with one in 61.4 e-mails identified.
* The UK had the second-highest rate, with one in 169.1 e-mails identified.
* In South Africa, one in 305.9 e-mails was blocked as malicious.
* The virus rate for e-mail-borne malware in the US was one in 592.5 and one in 285.4 in Canada.
* In Germany, virus activity reached one in 471.7 and one in 318.1 in Denmark.
* In Australia, one in 327.9 e-mails was malicious.
* For Japan, the rate was one in 1 573, compared with one in 482.9 in Singapore.
* In Brazil, one in 681.7 e-mails contained malicious content.
* The education sector became the most-spammed industry sector, with a spam rate of 71.0%.
* The spam rate for the chemical and pharmaceutical sector was 69.0%, compared with 68.7% for IT services, 68.4% for retail, 68.9% for the public sector and 68.2% for finance.
* The public sector remained the most-targeted by phishing activity in January, with one in 99.1 e-mails.
* Phishing levels for the chemical and pharmaceutical sector reached one in 838.0 and one in 647.8 for the IT services sector, one in 529.4 for retail, one in 169.4 for education and one in 253.7 for finance.
* With one in 90.2 e-mails being blocked as malicious, the public sector remained the most-targeted industry in January.
* The virus rate for the chemical and pharmaceutical sector reached one in 381.3 and one in 399.4 for the IT services sector; one in 407.1 for retail, one in 138.3 for education and one in 236.7 for finance.
* The spam rate for small to medium-sized businesses (one to 250) was 68.9%, compared with 69.1% for large enterprises (2 500+).
* Phishing attacks targeting small to medium-sized businesses (one to 250) accounted for one in 225.2 e-mails, compared with one in 410.9 for large enterprises (2 500+).
* Malicious e-mail-borne attacks destined for small to medium-sized businesses (one to 250) accounted for one in 277.3 e-mails, compared with one in 281.5 for large enterprises (2500+).
The January Symantec.cloud Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends.