August State of Spam Report
The August State of Spam Reporthighlights the continuing decline of image spam, which reached a low inJuly from its peak in January. In addition, we observed the emergenceof a new focus - greeting card spam, PDF and other file attachmentsspam, and the rise in URLs with Chinese top-level domains (TLDs)marketing spam. This month’s spotlight includes regional spam trends inEMEA.
Though still steadily declining, what we’ve come to think of as‘image spam’ has not gone away. The preferred delivery method of thisspam type is now PDF, which emerged in June of 2007 and was discussedin a previous post. Symantec is seeing PDF spam ranging between two toeight percent of all spam. July also saw the emergence of yet moretactics focused on spamming images. These tactics include the use ofXLS and ZIP files. At this time, the volume of these spam types is lowbut Symantec is closely monitoring this new technique.
Greeting card spam containing links to viruses was seen in higherthan usual numbers in July. More than 250 million Symantec customerswere targeted with these message types. Around the Fourth of July aparticularly large outbreak was seen and blogged on. The content of thegreeting cards consists of an exposed IP address in most cases, whichis a very good indicator that the card is not genuinely good. Theseexposed IP address links were downloading Trojans onto computers. Asample of this message type can be seen in the August State of SpamReport.
Also observed in July was the rise in the number of spammy URLsutilizing the ‘cn’ TLD. While historically the most commonly seen TLDsin spammy URLs were ‘net’ and ‘com,’ in July Symantec estimates thatover 74 million spam messages contained a spammy URL with a ‘cn’ TLD.Several possible reasons for this rise are included in the August Stateof Spam Report.
The spotlight on ‘Regional spam trends EMEA’ this month showcasescasino spam, Italian medication spam and an iPhone scam. Europeancasino spam was first mentioned in the April State of Spam Report.Current observations show this spam type covered by at least threedifferent languages. Samples can be seen in August State of SpamReport.
One common attack in the US market is ‘male enhancement’ medicationspam. The European market, and in particular the Italian market, is nowseeing this spam type as well. What is different about this version isthat the subject lines of the messages observed were all designed tomake it look like the email was from a friend.
Another interesting spam seen in the European market was purportingto sell the new Apple iPhone from a UK warehouse. This is interestingbecause the iPhone is not available in Europe yet and the price listedfor the phone was far below retail.