Select Page

Cyren Security Blog

Real-time Spam Emerges as Email-borne Threats Increase in Q1

On May 1, Commtouch released its quarterly Internet Threats Trend Report for the first quarter of 2013. It is a special report: for the first time the previously separate Commtouch Internet Threat Trend Report and the eleven E-Mail Security Report have been merged – providing a more comprehensive view of Internet-based threats and focusing on a wide range of topics: email security, Web security, mobile security, and malware. The new report will be published quarterly and highlight the most important trends and biggest threats to Internet security.

Spam and malware levels rise

The main focus of the first edition is email security. For good reasons: email-borne threats grew dramatically in the first quarter of this year. The most unusual fact: unlike in previous years, when spam and malware email spikes succeeded each other, this time levels of all major categories of unwanted and dangerous emails increased at the same time. Spam volumes almost doubled, increasing by 98.0 percent compared to the end of the previous quarter. The increase was 36.5 percent in March alone, compared to March of 2012 spam levels were 47.7 percent higher. This also led to a higher share of spam among the entire email volume.

SecurityReport_April2013_web_en_ct-01

Similar increases were registered with respect to email-borne malware. In March 2013, the volume of known malware rose by 75.1 percent compared to February, 157.1 percent compared to December and 255.5 percent in comparison to March 2012. Virus outbreaks increased by 124.0 percent in relation to February volumes, by 290.5 percent since December and by 251.5 percent compared to the same month the year before. The increase in phishing levels somewhat slowed in March (8.1 percent since March), but overall the quarter saw a 73.8 percent increase.

This, of course, was reflected in the total number of dangerous emails sent each day worldwide: In the first quarter of 2013, an average 97.4 billion spam emails. In March, the number of daily spam emails even significantly exceeded the 100 billion mark (117.8 billion). During the previous quarter, the daily average was about 90 billion spam emails. The number of malware emails scratched the 1 billion mark in Q1 with a daily average of 973 million emails. Overall, 78.1 percent of all email in March were spam, email-borne malware had a share of 4.5 percent of all emails, while phishing emails were just below 0.1 percent.

Real-time spam emerges

Event spam has been a constant storyline for the past few years. Using popular events such as holidays as a pretext for spam campaigns has been very popular with spammers. The idea: Consumers might be more susceptible to “special offers” and the like if they are packed in a Valentine’s Day or a Christmas offer. Soon, the trend spread to current events – and to more sinister purposes: when Michael Jackson died, emails circulated, allegedly linking to “exclusive videos” which, however, served to deliver malware. The Valentine’s type spam also grew more dangerous: increasingly such email were used for phishing purposes.

In Q1, a new step was taken down this road. In what could be termed “real-time spam”, spammers use the current news topics of the day to lure recipients into opening messages or clicking on links. The election of Pope Francis was a major such event in March. Spam message pretended to come from trustworthy news organizations such as CNN or BBC News and promised exclusive news relating to the new pope. The links contained in the messages often led to drive-by malware sites. A day later, the same messages appeared this time containing headlines relating to the financial crisis in Cyprus. It appears that the spammers have found an at least semi-automatic way of inserting current news into prepared messages in order to make them more appealing. This way fake news messages can be almost as fast as real breaking news reports.

Return of pump and dump spam

The biggest change in the first quarter of 2013 was the re-emergence of pump and dump or penny stock spam. This was a favourite spam topic until about five years ago before it all but disappeared. These emails advertise cheap shares with very small trading volumes, indicating there was significant earning potential in them. The trick: If only a few recipients can be fooled into buying the stock, the value will rise significantly and the spammers cash in. This kind of spam has become a significant part of overall spam volumes. In March 2013, 18 percent of the top 25 spam mailings (with a combined volume of 46 percent of all spam) were pump and dump mailings, among them the two biggest spam waves in March. This is not the first time in recent years old tricks have been recycled by spammers hoping current-generation spam filters would not catch them. Because of its absence in recent years, stock spam is not a separate topic category recognized by the Commtouch Labs but it was a major factor in the “other” category gaining a 53.0 share in March 2013 and 43.4 percent in all of Q1.

SecurityReport_April2013_web_en_ct-02

You can find more on the latest email security trends and much more in Commtouch’s Q1 Internet Threats Trend Report.

You might also like

Square Enix Phishing Campaign

From July 20 until August 16, 2021, Cyren observed a significant increase in the number of Square Enix phishing URLs. The campaign coincided with 14 days of free play announced by Square Enix on July 12, 2021. During this period, we detected a total of 47,076 URLs for...