November 30, 2014 (Sun): The launch of iPhone 6, along with the Ice Bucket Challenge initiative, were the two main topics that spammers used to promote junk mailings in the third quarter. This is one of the main conclusions from Kaspersky Lab’s research into the landscape of spam threats.
Spam and Phishing in Q3: Main Findings
- Spam accounted for 66.9% of all email traffic in Q3. That is 1.7 percentage points (p.p.) less than in Q2
- The US (14% of spam), Russia (6.1%) and Vietnam (6%) were the three biggest sources of spam in Q3
- The ranking of malicious attachments detected by Kaspersky Lab products in spam was topped by Trojan.JS.Redirector.adf – a Trojan that redirects users to a malicious page. This malware scored 2.8% of detections reported by mail antivirus.
- Andromeda malware, which hands criminals stealthy control over victim PCs, led the ranking of the most widespread malicious families: almost 12.35% of all malicious software detected by Kaspersky Lab technologies in spam belongs to this family. Second place is held by the Zeus/Zbot family that targets online banking users, with 10.59% of detections by mail antivirus.
- Phishing that targeted online financial services accounted for 38.23% of all detections registered by Kaspersky Lab products. That is 13.39 p.p. more than in Q2
- Phishing against banks showed the highest growth rate in the financial category: + 6.16 p.p.
- The vast majority of phishing detections in the payment systems category were targeting users of PayPal (32.08%), Visa (31.51%) and American Express (24.83%).
Spammers were keen to exploit the popularity of the Apple iPhone smartphone, and that influenced the topics they chose in the third quarter. Criminals started sending out unwanted messages about the iPhone 6 long before the official presentation was held by Apple at the beginning of September. The new smartphone was offered as a prize for different marketing contests and surveys. There were also fraudulent mailings offering big discounts on the official price of the new model. Of course none of these offers had any truth in them; they were solely used to attract users to a fraudulent scheme or a web service that the spammers wanted to promote.
Phishers were also keen to capitalize on interest in the iPhone. Different campaigns throughout the whole quarter used the Apple brand, and each news hook involving the company and its products was pounced upon by the fraudsters.
Kaspersky Lab experts saw several instances where a rapid increase in Apple-related phishing detections could be linked to the launch of new products, such as new MacBooks (end of July) and iPhone 6 (beginning of September).
Fraudsters also actively reacted to the news of celebs being hacked online, a story that reportedly involved Apple cloud services being compromised. Interestingly, this is very typical behavior for fraudsters. Last year Kaspersky Lab experts registered an increase in detections on product launch dates.
The Ice Bucket Challenge, a popular activity asking participants to douse themselves with cold water and make donations to Project ALS, an organization that fights Amyotrophic lateral sclerosis, was another big topic for criminals. In the last quarter Kaspersky Lab experts detected malicious spam mailings inviting victims to watch the video of another IBC participant. However the attachments in these messages contained the malicious Backdoor.Win32.Androm.euop program allowing criminals to take control of the compromised computer.
“Although we’ve seen a small decrease of the amount of spam in email traffic, some warning trends are still clear. We detected a lot of malicious attachments targeting users’ private data, including financial information, and the number of detections of phishing web pages that target users’ money grew significantly. We expect that these trends will continue into the fourth quarter,” said Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab.