February’s love-themed malicious spam was dominated by Trojans, as the cybercriminals’ mass mailings targeted credulous users with a Trojan-Dropper, a report by Kaspersky Lab said.
The Trojan installs two malicious programs on the system – one is spyware that steals all document files from the computer and sends them to a specific mailbox; the other is an IRC bot/worm called ShitStorm, which can carry out DDoS attacks on websites and spread copies of itself via MSN and P2P services. If recipients respond to this sort of email, their computer can easily become part of a botnet.
In addition to Trojan spyware, February’s malicious spam included ransomware – a type of malware that blocks the user’s computer and then demands money to unblock it. The explicit photos promised in some messages also turned out to be malicious programs, and among them was the Andromeda backdoor, which allows cybercriminals to secretly control a compromised computer.
Yet another malicious program was distributed in fake notifications imitating major social networking sites. Messages allegedly sent on behalf of Facebook informed recipients that a lot had happened on friends’ news feeds since they last visited the site and prompted them to open the attached archive to find out more. The archive contained a backdoor from the aforementioned Andromeda family.
Meanwhile, ‘Nigerian’ scammers could not pass up the opportunity to exploit the situation in Ukraine and the tragic events that followed in order to cheat users out of their money. They cited some familiar stories about unfortunate tourists in Kiev who had all their money stolen, followed by a request for financial assistance.
A lot of malicious attachments in February’s spam came in emails allegedly sent by women who wanted to make new friends in the run-up to Valentine’s Day. Some attackers went even further by trying to hook recipients with the promise of explicit photos in archives attached to messages. There were also more conventional malicious mass mailings imitating notifications from popular social networking sites, including Facebook.
The proportion of spam in email traffic in February increased by 4.2 percentage points compared to the previous month and averaged 69.9% – 1.2 percentage points less than in February 2013.
China (23%) returned to the top of the rating, followed by the USA (19.1%) and South Korea (12.8%).
Russia (7%) ended the month in fourth place with an increase of 1.1 percentage points. Taiwan (5.1%) dropped to fifth place after its share decreased by 1.1 percentage points compared to January.
India (3.4%), Vietnam (3%), Ukraine (2.3%) and Romania (2%) all experienced an average decline of 0.2 percentage points in the proportion of distributed spam.
In February, Japan’s share (1.8%) fell 0.3 percentage points compared with the previous month, resulting in a drop of one place in our rating to tenth place.
Sources of spam in Europe by country:
South Korea remained the leading source of spam sent to European users (48.6%) in February.
Next came the USA, whose contribution also increased by almost 3 percentage points, pushing it up one position to second place. In January the USA was third with 5.3% of all spam sent to European users.
Taiwan (5.5%) came third, with Russia (5%), China (3.9%), Ukraine (2.3%) and Vietnam (1.8%) also among the sources.
India rounded off the Top 10 with 1.6% of spam sent to European users. The UK and Germany’s figures are slightly lower – 1.5% and 1.4% respectively.
Phishing
The top 3 types of organizations targeted most frequently by phishers were social networking sites (27.3%), email services (19.34%) and e-pay organizations (16.73%). In February, Kaspersky Lab specialists also came across fraudulent notifications that claimed to be from the Malaysian Hong Leong Bank.
“Spammers are becoming more intelligent in masking their messages under the garb of offering something genuine to the recipients – be it a Valentine’s Day discount or news about Ukraine, etc. And once unsuspecting users have clicked or downloaded the email attachment, Trojans are downloaded without the user’s knowledge, which are capable of stealing data or even holding the data at ransom (encrypting the data and demanding money to decrypt the data, like CryptoLocker),” said Altaf Halde, Managing Director, Kaspersky Lab – South Asia.
“Internet users in India should start taking their digital security seriously. With the number of threat vectors increasing alarmingly along with the rise of cybercriminal activities, it is imperative that Internet users in India protect themselves with genuine Internet Security or Anti-Virus software. With regard to spam, the government should initiate spam laws that will deter spammers from making India their safe haven.”