October 2009 saw spam volumes averaging at 87 percent of all email messages, which is consistent with spam volumes observed in August and September 2009, but 10.6% higher than October 2008.
A notable highlight this month is the growth of spam originating from APJ (23% increase of 6% since June 2009) and South America (22% increase of 5% since June 2009) with a corresponding decline in spam originating from EMEA (28% decrease of 6% since June 2009) and North America (20% decrease of 5% since June 2009). This change can be attributed to a number of factors, including spam levels increasing; distribution networks becoming more dynamic as additional broadband connected targets are coming online every day; botnets continuing to jockey for position; and countries such as India, Taiwan, Thailand, and Chile becoming more visible as regions of origin for spam.
With respect to spam categories, Internet spam increased by 7% and now accounts for 39% of all spam messages. This...
Overall spam volumes averaged at slightly over 86 percent of all email messages in September 2009, which is a decrease of 4 percent since July 2009. However, it is considerably greater than September 2008 when spam levels averaged at 78 percent of all email.
Notable this month is that the percentage of spam containing malware has increased, reaching up to 4.5 percent of all spam at one point. When compared to August 2009, Symantec has observed a nine-fold increase in spam containing malware during September. With respect to spam categories, the main movers were Internet spam, which increased by 3 percent again this month and averaged at 32 percent of all spam; and financial spam, which decreased 3 percent to account for 17 percent of all spam.
Click here to download the October 2009 State of Spam Report, which highlights the following trends:
Overall spam volumes averaged at 87 percent of all email messages in August 2009, which is a decrease of 2 percent since July 2009. Health spam, which decreased by 17 percent in July, also decreased again in August and averaged at 6.73 percent. It is interesting to note that over 29 percent of spam is now Internet-related spam. Internet-related spam attacks are those that specifically offer or advertise Internet- or computer-related goods and services. Examples include attacks promoting Web hosting, Web design, and spamware-related products and services.
Holiday spam campaigns have also begun taking advantage of Halloween and Christmas. This follows closely after Labor Day-related spam in a nod to what some economists predict will be a very difficult holiday season for legitimate retailers.
While overall spam volumes averaged 89 percent of all email messages in July 2009, spam volumes continue to fluctuate. During July 2009 image spam continued to have an impact, reaching 17 percent of all spam during one point in July. Health spam decreased by 17 percent, while product and 419 spam both saw increases of eight and three percent, respectively, month over month. Similar to tabloid magazines, spammers continue to have a fascination about certain celebrities such as President Obama, Michael Jackson, and Emma Watson (from the Harry Potter franchise)—they all featured in spam attacks in July 2009.
Click here to download the August 2009 State of Spam Report, which highlights the following trends:
· Spammer’s Opinion Poll: President Obama and Michael Jackson...
In early June , Symantec reported that the FTC had worked with others to shut down the Internet service provider Pricewert LLC. While this was a good example of how security professionals can work together in the fight against cybercrime, spam volumes remained at a very high level throughout June, averaging 90 percent of all email messages. The recent passing of Michael Jackson and the subsequent public interest is yet another example of how spammers are willing to use any notable event as a cover to distribute their messages.
Click here to download the July 2009 State of Spam Report, which highlights the following trends:
Different Faces of Michael Jackson Spam and Malware
Fourth of July Holiday Brings Fireworks and More Spam Campaigns
While the McColo shutdown is all but a distant memory and spam levels are consistent with the levels observed over a year ago, the fight against cybercrime continues in earnest for June 2009. The FTC's recent efforts to shut down Internet service provider Pricewert LLC is another example of how security professionals can work together in the fight against cybercrime.
Symantec assisted by providing security intelligence to back up the FTC's case in the form of information on what threats were detected as being associated with the ISP, for example the Cutwail botnet. However, a repeat of the spam volume decline observed following the closure of McColo in November 2008 is not expected in this case. Those behind Pricewert LLC are already taking their business elsewhere—perhaps learning from their past experience—and it is expected that this will be more of a blip rather than a significant decrease in any malicious activity.
Spam volumes continue to creep back up to normal, and are currently sitting at 94 percent of their pre-McColo levels. The recent swine flu outbreak has become yet another example of how spam continues to respond to current events. The use of the swinef flu outbreak in this manner is yet another case of history repeating itself, since it follows closely on the spammer’s abuse of the Italian earthquake and the U.S. tax day.
In another example of history repeating itself, image spam has recently made an unwelcome return. While it has not yet returned to the dizzying heights of January 2007, when it reached 52 percent of all spam messages, image spam hit an average of sixteen percent of all spam messages towards the end of April 2009.
Click here to download the May 2009 State of Spam Report, which highlights the following trends...
According to recent political opinion polls, U.S. President Obama’s approval rating currently stands at 65%. It is clear that when his first 100 days in office are analyzed, spammers also view him favorably. In the last few weeks there has been a noticeable boost in the number of spam messages that use his name and popularity to promote certain spam products and services.
President Obama first became a target for spammers in 2008, when Obama and his then challenger Senator John McCain had their names linked with "portable dewrinkle machine" spam, medical product spam, and get-rich-quick spam messages. When President Obama took his campaign to Europe in July 2008, Spammers duly followed up with a spam campaign that contained links to...
The effects of the shutdown of the McColo Web-hosting company in November 2008 continue to ripple through the spam landscape. While spam levels have yet to reach the highs recorded before McColo was shut down, spam volumes are gradually creeping back up and are at approximately 91 percent of their pre-McColo shutdown levels.
A recent review of spam zombie activity shows that the EMEA region continues to be the leading source of all zombie IP addresses, hosting 45 percent of active zombie computers in March 2009. Brazil, however, at 14 percent owns the dubious honor of being the number one host country for active zombie machines. The distribution of top-level domains (TLDs) in spam URLs also continues to be interesting as the .cn TLD retains its “silver medal” position—34 percent of URLs contain this TLD. The United States (28%) and Brazil (9%) retain their positions as the predominant regions of spam origin. It is also notable that spam continues...
If you are a resident of the United States and haven’t already filed your tax returns, maybe you should consider reading the following blog post. The countdown to “tax day” (April 15 in the United States) is currently in full swing, with the IRS offering daily tips for filing.
The run-up to tax day in the United States has traditionally become a time when phishing directed towards the IRS becomes more prevalent. As reported in previous Symantec State of Spam reports, spammers continue to attempt to disguise themselves as the IRS, dangling tax refund offers in front of unsuspecting users.
These “offers” are aimed towards recipients who may be unaware that the IRS “does not initiate communication with taxpayers through email.” The purpose of these attacks is...
Given the ominous subject line, “Take care about yourself!” [sic], fear mixed with excitement might propel some recipients to disregard security consequences and click on URLs that link to malware. In this recent spam example, geo-location services were used to target the recipients of the message. Depending on the relative location of the message recipient, the location of the fake terrorist attack mentioned in the text of the message differs.
In one particular location the spammer indicated that there was a “Powerful explosion burst in San Pablo this morning,” and in another they indicated that there was a “Powerful explosion burst in Pune this morning.” Then, there is a brief description of the “attack” including, “At least 12 people have been killed and more than 40 wounded in a bomb blast“ and “explosion was caused by 'dirty' bomb.” The logo of a prominent news wire service was added...
Similar to the topic of the economy, everyone is talking “green” these days, and it’s not just with St. Patrick’s Day occurring today, March 17th. With the renewed attention on environmental responsibility, spammers seem to have become inspired and have decided to contribute with green spam. This recent contribution has helped to ensure that spam levels in February 2009 averaged 86% and has pushed spammers one step closer to obtaining their own “pot of gold.”
In his recent address to Congress and America, President Barack Obama struck a note of optimism, declaring that the Unites States’ best days are ahead even if, at this moment, the future looks bleak. Unfortunately, in March 2009 the economy has become one of the factors contributing to the spammers’ unique version of a stimulus plan. Some recent examples of the economic stimulus spam plan included: job seekers becoming targets of a spam attack that included...
In the legal realm, certain spammers have, from time to time, occupied the defendant’s chair. In a recent spam attack it seems that a spammer wishes to change this legal position and become the “pied piper” in some class action lawsuits.
The FDA first approved Avandia in 1999 to treat type 2 or adult onset diabetes. In February 2009, a spam message relating to this drug was reported to be making the rounds. The message comes with the following subject line: “Have You Taken AVANDIA? Important Lawsuit Information.” The spam message indicates that “If you or someone you know has taken Avandia you or that someone or their family may be entitled to monetary damages.” A URL link is available for the recipient to click on to “Begin Your Free Review Form.”
Everyone is talking about going green these days, and it’s not just because St. Patrick’s Day is around the corner on March 17th. The Obama administration has recently reiterated its efforts to create "21st century jobs that improve energy efficiency and utilize renewable resources." With the renewed attention on environmental responsibility, spammers seem to be inspired and have decided on contributing with green spam.
We recently observed a spam attack with a message claiming that the recipient could lower their electric bill to $0.00 per month, with the possibility of even getting a power company to pay the recipient for the use of any excess energy produced. Among the reasons provided by the spammer as to why this offer should be accepted was: “You will be able to protect your pocket book during these recession times and spend money on more important things...”
The green spam “offer” included the following testimonials...
From Martha Stewart to Anna Kournikova—even the White House has one—blogs and microblogs are all the rage, with the ability to self-publish one’s thoughts and experiences for the world to read. The Symantec Security Response spam blog has recently published a myriad of posts documenting the ever-changing spam landscape. Symantec’s antispam team has blogged about recent spam attacks, such as Russian bride spam, spam attacks targeting job seekers, and even Turkish-language spam; so, it is fitting that a recent spam message observed by Symantec related to getting “paid” to write blogs should be discussed here.
The spam message claimed things like “freelance writers are needed” and “post in blogs”—all packaged together nicely with an offer to get paid anything from $12 to $50...
