Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Strong Increase in Regionalized Spam and Malware Distribution

The second quarter of 2013 saw a decrease in global spam levels while spam levels varied significantly according to region, indicating that spam distribution is becoming more and more targeted. These are the results of the Q2 Internet Threats Trend Report issued by Commtouch.

During the second quarter, as measured by Commtouch, global spam levels dropped by 34 percent in May and a further 15 percent in June. The average daily spam volume in June was near 54 billion emails per day – the lowest level in several years. In the first quarter of 2013, the average stood at approximately 97 billion spam emails per day.

Regional differences

However, spam levels developed in very different ways depending on region. For example, spam levels in Germany increased by 32 percent throughout Q2. While globally, the share of spam among all emails dropped to 64 percent in June, in Germany that number was as high as 80.4 percent. This was at least partly due to huge spam volumes on June 25th, with levels not seen since November 2011. These were caused by particularly large German-language spam waves advertising online gambling sites targeting German users, resulting in spam levels in Germany three times higher on June 25th than the previous day. In Q2, Commtouch’s researchers observed many such targeted spam campaigns, among them some in Spanish, Italian or Dutch.


“The spam and email security landscape in general became much more diversified according to region during the second quarter of 2013,” said Avi Turiel, director of threat research and market analysis at Commtouch. “The discrepancies between the development of spam levels globally and in specific regions such as Germany show that that the growing trend toward targeted spam and malware distribution has started to affect spam levels in a significant way. This trend has begun to transform the way spam and malware distribution works, posing new detection challenges for security vendors.”


Also in the second quarter, the number of websites infected with malware continued to increase. By June, Commtouch was tracking 34 percent more malicious sites listed in Commtouch’s GlobalView™ URL filtering database than there were in April. The most popular website category for malware distributors continued to be education sites, followed by business and travel websites.

Spam topics

Event spam transformed into real-time spam in Q2, with spammers using current breaking news within hours of the news emerging, sending fake news alert emails in the name of media outlets such as CNN or BBC in order to lure recipients into clicking on a link leading to malware-infected websites. The campaigns are usually run for a very short time and then replaced by new ones using a new breaking news story. This gives the emails an appearance of urgency and specifically targets users who might not have heard the news. In Q2, such campaigns used, among other events, the Boston bombings and the Waco explosion.

As far as spam topics are concerned, the first half of 2013 was a period of comebacks: after the re-emergence of pump and dump or penny stock spam in Q1 (which remained a major topic in Q2), diet spam, i.e. emails advertising allegedly miraculous drugs and methods to lose weight, became the second largest spam topic in Q2, multiplying its share among all spam emails from 0.4 percent in Q1 to 10.9 percent in Q2. The number one spam topic remained pharmaceutical spam, mainly advertising for Viagra and similar drugs, although its share of the overall spam volume significantly decreased: from 16.3 percent in Q1 to 11.7 percent in Q2.


Countries of origin

Belarus topped the list of spam-sending countries in Q2 with a share of 14.8 percent of all spam. The United States came in second (6.3 percent) followed by the Ukraine (5.8 percent). In terms of spam-sending zombie computers, India retained the crown with a share of 12.2 percent, followed by China (9.7 percent), Vietnam and Belarus (5.6 percent each).


Web security

In Web security, the second quarter of 2013 again saw extensive use made of various Web exploit kits. The most popular one remains the Blackhole Exploit Kit which scans the target system and downloads the appropriate malware. This was used, for example, in the real-time spam campaigns described above. Other campaigns delivering exploit kits used phony LinkedIn invitations and Facebook notifications.

About Commtouch Internet Threats Trend Report

The Commtouch Internet Threat Analysis Team regularly publishes related statistics within its report. The quarterly report is compiled based on a comprehensive analysis of billions of daily transactions handled by Commtouch’s GlobalView Cloud.

To view the full Commtouch Q2 Internet Threats Trend Report, visit:

You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...