The last few months have seen a growth in malicious spam targeting user logins, passwords and confidential information, according to a Kaspersky Lab report. The report also revealed that while the volume of spam was down by 2.4 percentage points, the proportion of malicious spam grew more than 1.5 times.
Compared to the previous quarter, Q3 2013 saw the level of phishing emails increase threefold. Trojan-Spy.HTML.Fraud.gen topped the rating of the most popular malicious program spread by email. This malware is designed to look like an html page used as a registration form for online banking services and is used by phishers to steal financial information.
The third quarter of 2013 was full of newsworthy events which grabbed public attention, such as the birth of the royal baby in the UK, the FBI hunt for Edward Snowden and the railway accident in Spain. All this news was used by fraudsters to distribute malware. The links contained in these emails led to compromised websites which redirected users to a page with one of the most popular exploit kits – Blackhole. In October, the author of Blackhole, known as Paunch, was arrested in Russia. What this will mean for the future of the kit remains unclear, but Kaspersky Lab experts suggest it could lead to a drop in the number of malicious “news” mailings.
“In the third quarter we came across a very interesting mass mailing where the fraudsters imitated a reply from the technical support service of a large antivirus company. The email informed the user that a file which he had allegedly sent for analysis turned out to be malware. The ‘technical support engineer’ attached a ‘signature’, advising that it would disinfect the computer. However, if users opened the attachment, they would find a malicious program detected by Kaspersky Anti-Virus as Email-Worm.Win32.NetSky.q.,” commented Darya Gudkova, Head of Content Analysis & Research at Kaspersky Lab.
There was little change in the leading spam sources by country in Q3. The location of botnets appears to be relatively stable, or at least there is a lull in the active relocation of botnets. Asia remained the number one regional source of spam (56.51 per cent). It was followed by North America (20.09 per cent) and Western Europe (13.47 per cent).