Symantec has announced the findings of its January Symantec.cloud Intelligence Report, which shows that spammers are using holidays and major events to make their mail more appealing.
Symantec Intelligence has seen more than 10,000 unique domain names compromised with a redirect script written in PHP that contains a reference to the New Year in the file name. These redirect scripts were hosted on compromised Web sites and links to these were included in spam emails, which were subsequently blocked by Symantec.cloud.
To further entice recipients to open their messages, spammers used additional social engineering techniques by including parameters in the URL to suggest that the destination is a social networking site.
Symantec Intelligence expects to see spammers taking advantage of other ‚calendar events‚ like the Chinese New Year celebrations which ended on the night of the 4th of February and the fast-approaching Valentine’s Day.
‚We also expect to see plenty of spam and malware taking advantage of some of the major upcoming sporting events this year. We are already seeing references to the Summer Olympics in London (27 Jul ‚ 12 Aug) as part of 419 or advance fee fraud messages,‚ said Mark Smissen, Business Development Manager, Symantec.cloud.
‚By relating their mails to widely-celebrated holidays and current events with global interest, spammers and malware authors can (at first glance at least) make their messages more interesting, and increase the chance of recipients visiting spam Web sites or becoming infected,‚ Smissen said.
During December, global spam levels dropped, but in January gradually returned to similar levels as in November 2011, which is still lower than the 2011 average. There was an overall decrease in phishing numbers globally and January saw South Africa finally dropping out of the top 5 countries.
January 2012 highlights:
Spam: The global ratio of spam rose by 1.3 percent since December bringing it to 69.0 percent (1 in 1.45 emails). This follows a noticeable drop in December when spam fell to 67.7 percent. The recent increase means that spam has almost returned to the same level as in November 2011.
Spam accounted for 69.5 percent of email traffic in South Africa.
Phishing: The global phishing rate increased by 0.06 percentage points, taking the average to one in 370.0 emails that comprised some form of phishing attack.
E-mail-borne threats: The global ratio of email-borne viruses was one in 295.0 emails, a decrease of 0.02 percentage points since December 2011. Twenty-nine percent of email-borne malware contained links to malicious Web sites, unchanged since December 2011.
In South Africa, one in 305.9 emails was blocked as malicious.
Web-based malware threats: January saw an average of 2,102 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware: a decrease of 77.4 percent since December 2011.
Endpoint threats: The most frequently blocked malware for the last month was WS.Trojan.H. WS.Trojan.H is generic cloud-based heuristic detection for files that posses characteristics of an as yet unclassified threat. Files detected by this heuristic are deemed by Symantec to pose a risk to users and are therefore blocked from accessing the computer.
January 2012 geographical trends :
¬∑ Saudi Arabia became the most spammed geography with a spam rate of 75.5 percent.
¬∑ China was the second most-spammed with 75.0 percent of email traffic blocked.
¬∑ In the US, 69.0 percent of email was spam and 68.7 percent in Canada.
¬∑ The spam level in the UK was 69.3 percent.
¬∑ In The Netherlands, spam accounted for 70.7 percent of email traffic, 68.2 percent in Germany, 69.1 percent in Denmark and 68.6 percent in Australia.
¬∑ In Hong Kong, 67.5 percent of email was blocked as spam and 66.7 percent in Singapore, compared with 65.6 percent in Japan.
¬∑ Spam accounted for 69.5 percent of email traffic in South Africa and 73.1 percent in Brazil.
¬∑ The Netherlands became the country most targeted for phishing attacks with one in 62.6 emails identified.
¬∑ The UK was the second most targeted country, with one in 179.4 emails identified as phishing attacks.
¬∑ Phishing levels for the US were one in 1,145 and one in 379.9 for Canada.
¬∑ In Germany phishing levels were one in 797.6, one in 330.9 in Denmark.
¬∑ In Australia, phishing activity accounted for one in 542.2 emails and one in 942.9 in Hong Kong: for Japan it was one in 5,692 and one in 1,156 for Singapore.
¬∑ In Brazil one in 1,007 emails was blocked as phishing.
¬∑ The Netherlands had the highest ratio of malicious emails in January, with one in 61.4 emails identified.
¬∑ The UK had the second highest rate, with one in 169.1 emails identified.
¬∑ In South Africa, one in 305.9 emails was blocked as malicious.
¬∑ The virus rate for email-borne malware in the US was one in 592.5 and one in 285.4 in Canada.
¬∑ In Germany virus activity reached one in 471.7 and one in 318.1 in Denmark.
¬∑ In Australia, one in 327.9 emails was malicious.
¬∑ For Japan the rate was one in 1,573, compared with one in 482.9 in Singapore.
¬∑ In Brazil, one in 681.7 emails in contained malicious content.
¬∑ The Education sector became the most spammed industry sector with a spam rate of 71.0 percent.
¬∑ The spam rate for the Chemical & Pharmaceutical sector was 69.0 percent, compared with 68.7 percent for IT Services, 68.4 percent for Retail, 68.9 percent for Public Sector and 68.2 percent for Finance.
¬∑ The Public Sector remained the most targeted by phishing activity in January, with one in 99.1 emails.
¬∑ Phishing levels for the Chemical & Pharmaceutical sector reached one in 838.0 and one in 647.8 for the IT Services sector, one in 529.4 for Retail, one in 169.4 for Education and one in 253.7 for Finance.
¬∑ With one in 90.2 emails being blocked as malicious, the Public Sector remained the most targeted industry in January.
¬∑ The virus rate for the Chemical & Pharmaceutical sector reached one in 381.3 and one in 399.4 for the IT Services sector: one in 407.1 for Retail, one in 138.3for Education and one in 236.7 for Finance.
¬∑ The spam rate for small to medium-sized businesses (1-250) was 68.9%, compared with 69.1% for large enterprises (2500+).
¬∑ Phishing attacks targeting small to medium-sized businesses (1-250) accounted for one in 225.2 emails, compared with one in 410.9 for large enterprises (2500+).
¬∑ Malicious email-borne attacks destined for small to medium-sized businesses (1-250) accounted for one in 277.3 emails, compared with one in 281.5 for large enterprises (2500+).
* Follow Gadget on Twitter on @gadgetza