Spam in March: Surge in Phishing Attacks on e-Stores

Despite the increased share of phishing attacks on online stores, the most frequently attacked category of organization was still social networking sites (23.5%). In March users of LinkedIn risked giving away their personal data as a result of phishing scams. There were also lots of malicious attachments sent on behalf of various well-known financial organizations. These attachments often contained malware that stole browser cookies or passwords for email programs and sent the data to a remote server run by cybercriminals.

Phishing

Social networks were once again the organizations most frequently used in phishing attacks. March saw cybercriminals compromise LinkedIn, a business-oriented social network with 200 million members all over the world. A mass mailing with a St. Patrick's Day theme offerd users a free premium account with the networking site. To enter the account the recipient had to click a link that led to a phishing page rather than to the official LinkedIn site. The login and password entered by the user were forwarded to the fraudsters.

Second after social networks was the email and instant messenger services category (16.6%). The share of search engines (14.4%) and financial and e-pay organizations dropped by 2 and 3.5 percentage points respectively, resulting in search engines leapfrogging financial services into third place. The proportion of phishing attacks on online stores grew by 8.9 percentage points, moving that category up two places to fifth (12.8%).

The most widespread malicious email attachments in March

• Trojan-Spy.HTML.Fraud.gen – a fake HTML page sent to users by email disguised as an important message from large commercial banks, online stores, software companies etc.
• Aspxor network worm - automatically infects websites, downloads and executes other software, and collects valuable data on the computer.
• Email-Worm.Win32.Bagle.gt – an email worm that sends copies of itself to all email addresses found on an infected computer. The worm also downloads files from the Internet without the user’s knowledge.
• Zbot Trojan that specializes in stealing confidential information.
• The Bublik family of Trojan downloaders – downloads malicious files to user machines and then launches them.
• The Andromeda family of backdoors that allows cybercriminals to secretly control infected computers and add them to botnets.

Maria Vergelis, Spam Analyst at Kaspersky Lab commented: “Suppose you get a notification about undeclared income or a message stating that a previously filed tax return was fake. The temptation to find out more is bound to be great, which is why many recipients open the attachments in emails like these. Instead of a financial report, the attachment usually contains a Trojan that steals personal information. Cybercriminals are very resourceful and are constantly coming up with new ways to trick users. Any messages from unknown senders, no matter how important they may seem, should be treated with a lot of skepticism.”

Sources of spam by country

China was the leading spam source with 24.6% of all distributed spam, an increase of 1.7 percentage points from the previous month. The US was second (17%; a decrease of 2 percentage points). South Korea came third having spread 13.6% of the world’s spam, 0.8 percentage points more than in February. These three countries accounted for over half of all spam sent worldwide.

Mail antivirus detections by country – Top 3

US (12%), UK (9.8%) and Germany (9.1%).

Proportion of spam in email traffic

The percentage of spam in global email traffic in March decreased by 6.4 percentage points and averaged 63.5%.

The full report is available at securelist.com.