• The amount of spam in email traffic increased by 2.1% compared to April's figure and
averaged 85.1%.
• The number of links to phishing sites remained unchanged compared to April's figure,
accounting for 0.02% of all emails.
• Malicious files were found in 1.69% of all emails, an increase of 0.45% compared with the
previous month.

The amount of spam detected in mail traffic averaged 85.1% in May 2010. A low of 79.8% was
recorded on 31 May with a peak value of 89.8% being reached on 9 May.

Spam in mail traffic in May 2010




Sources of spam

In April, India and Vietnam were hot on the heels of the USA for spam distribution. However, in
May the amount of spam that originated from India and Vietnam decreased by 4.1% and 7%
respectively. At the same time the quantity of spam coming from the USA increased by 8.5%,
having returned to its usual level of 20.7%.
The amount of spam distributed from Russia increased by 1.2%. Though the growth was negligible,
Russia reentered the Top 3 countries considered as prime sources of spam.
May saw major shifts involving China and Brazil - these countries have started to slowly win back
their positions. They are not in the Top 5 yet, but could be soon. The amount of spam distributed
from China increased by 2% when compared to April's figure, while the quantity of spam that
originated from Brazil nearly doubled (+1.2%), which put these two countries in 6th and 7th
positions respectively.
In May, noticeable changes happened to spam flows coming from Germany and Italy: they dropped
out of the Top 10, having distributed 2% less spam each compared with the previous month.
Interestingly, there is a "newcomer" in May's Top 20 - Argentina distributed 2.1% of the total
volume of spam.
The amount of spam distributed from the UK increased by 0.4%, accounting for 2.7% overall,
which put this country in 9th place.


The number of links to phishing sites remained unchanged compared to April's figure, accounting
for 0.02% of all emails.
PayPal, eBay, HSBC and Facebook remain the most popular targets for phishers, with 50.4%
(-4.2%) for PayPal, 13.4% (+1.9%) for eBay, 8.5% (-1.1%) for HSBC and 6.9% (-1.8%) for
Facebook. The list of the other six Top 10 members is fairly stable, except for the Habbo social
networking website and the IRS which were replaced by NatWest and Bank of America
respectively.

Organizations targeted by phishing attacks in May 2010

One of the major attacks targeted Bank of America. However, the phishers did not even bother to
think of something new:
As can be seen from the screenshot, the trick is typical for this type of fraud: a user must validate
their account after a new security system has been enabled. Of course, their credentials will very
soon fall into the fraudsters' hands.

HSBC's clients are also among the most attractive targets for phishers. In May we registered emails
which requested that the bank's clients open an attached file. There were no explanations or
comments in the body of the message, and the subject of the email was particularly laconic in nature
- IMPORTANT.

An unwary user was in fact redirected to a phishing site where they had to enter their login and
password to purportedly access the online banking system.


Malicious files were found in 1.69% of all emails, an increase of 0.45% compared with the previous
month.

The Top 10 list of countries from which malware was distributed via email remained practically
unchanged compared to April: the developed countries are still more attractive targets for fraudsters
who have much more chance to obtain profit by attacking users from wealthier countries where
each user has a credit card and an online banking or an e-pay system account.
The most noticeable changes in the rating happened to Spain which moved four steps upward to
take fifth position. The amount of malware detected by our mail antivirus solution in this country
doubled compared to the previous month.

Social networks are again the focus of the fraudsters' attention. In May, we registered emails which
used Facebook and YouTube to distribute malicious code. Emails distributed via Facebook were
designed in line with the phishers' and spammers' usual practice: the user being asked to read some
very important information allegedly received from the social network's administration. In order to
read it the user had to follow the link.
If you look carefully, at the bottom of the page you may see the address which leaves no doubt as to
where a user is in fact going to be redirected to. If a user opens the page, malicious code will
immediately be downloaded to their computer. Particular notice should be paid to the fact that
spammers have learned to imitate Facebook notifications perfectly. For example, the above message
looks very much like an original email sent on behalf of the social network.
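
A mail-filter check for the lure described above, as an added example that is not part of the original report: it compares each link's real destination host with the domains of the brand named in the From or Subject header. The brand-to-domain table, the function names and the sample message (example.net stands in for the attacker's host) are assumptions constructed for illustration, and only single-part HTML messages are handled.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand name -> domains its genuine notifications link to.
BRAND_DOMAINS = {"facebook": {"facebook.com"}, "youtube": {"youtube.com"}}

# Constructed sample message; example.net stands in for the attacker's host.
SAMPLE = """\
From: Facebook <notification@mail.example.net>
Subject: You have a new message from Facebook administration
Content-Type: text/html; charset=utf-8

<html><body><p>Important information about your account.</p>
<a href="http://www.facebook.com/help/">Help</a>
<a href="http://login.facebook.com.example.net/read.php">Read the message</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, i.e. the real destination."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_in(host, domains):
    # Match the domain itself or a true subdomain, not a look-alike prefix.
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_links(raw_message):
    """Return hrefs that leave the domains of the brand named in From/Subject."""
    msg = message_from_string(raw_message)
    claimed = (msg.get("From", "") + " " + msg.get("Subject", "")).lower()
    expected = {d for b, ds in BRAND_DOMAINS.items() if b in claimed for d in ds}
    if not expected:
        return []  # no known brand claimed, nothing to compare against
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    parser = LinkCollector()
    parser.feed(body)
    return [h for h in parser.hrefs
            if not host_in((urlsplit(h).hostname or "").lower(), expected)]

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

The suffix comparison in `host_in` is what keeps a host such as `login.facebook.com.example.net` from passing as a Facebook address.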

A link contained in some fake YouTube emails is much less professionally designed. It offers the
user a chance to download a tool that allegedly provides easy searching of videos on a well-known
portal.

Of course, the "tool" is in fact a Trojan program.

The Medications and Health-Related Goods and Services category retained the lead for
English-language spam. In May this category's share averaged 30%, whilst for a time during the second half
of the month it even exceeded 45-46% of the total amount of spam.

During May the Computer Fraud category again came second, though the amount of this type of
spam decreased slightly compared to April's figure (-3%). Interestingly, fake DHL notifications
abandoned by malicious code distributors have been taken up by fraudulent spam authors.
However, now users are not told to open the attached file in order to determine the parcel details,
but are instead required to enter their personal data in order to receive a high value cheque with the
help of DHL.
The share of the Personal Finance category increased considerably (+5%) compared to the previous
month and occupied 3rd place in May's Top 10 most popular spam categories. Emails contained
offers of credit or encouraged recipients to determine their credit ratings.

Interestingly, spammers who distribute adult content spam (the share of which is, by the way, very
small) actively exploit social networks. Spam flows during May saw quite a few emails suggesting
that users register with "porn Facebook" or "porn YouTube".


In May, the number of links to phishing sites remained unchanged compared to April's figure.
Previously there were only two leaders - PayPal and eBay - in the list of organizations most often
targeted by phishing attacks. A few months ago they were joined by two more organizations and the
Top 4 "entry list" has been fairly stable ever since.
There was negligible growth in the amount of malicious emails in May. However, spammers are
trying to compensate for the lack of quantity by introducing new malware distribution methods and
abandoning the old ones. For example, some time ago their main trick was sending out fake DHL
and UPS notifications, a practice which has decreased significantly of late.
