Berlin, February 16, 2010 – The worldwide volume of spam reached a new record in December 2009 and January 2010 – 97.5 percent of the total volume of e-mail sent. These findings are reported in the E-Mail Security Report February 2010 presented today by eleven, the leading German e-mail security specialist. The world’s largest sender of spam is now the USA, which has displaced Brazil in that position. The beginning of the year was marked by both pharmaceutical spam and several very brief but extremely professional phishing campaigns aimed at credit card accounts and payment systems, and to a lesser degree at social networks.

Here is an overview of the most important trends:

• Spam reached record levels in December and January, with a total of 97.5 percent of the total volume of e-mail traffic.

• In January, the USA led the world again in spamming, followed by Brazil and Germany.

• Pharmaceutical offers were the top spam topic in December and January; while casino spam showed a significant drop in volume.

• Phishing campaigns were dominated by those targeting credit cards (VISA) and payment systems (PayPal).

• Trojans made up 75 percent of malware, dominated by “droppers”, which install malware on the affected computer, and backdoor Trojans, which repeatedly download malware.

Detailed results of eleven E-Mail Security Report February 2010

Spam volume

In December 2009 and January 2010, spam made up 97.5 percent of all e-mail, representing a new record. “Clean” e-mail made up just 1.9 percent, and legitimate mass mailings – such as newsletters – made up 0.6 percent. The volume of e-mail that served the purpose of transporting malware amounted to just 0.1 percent.

Spam campaigns

At the beginning of 2010, the focus of most spam changed significantly from casino to pharmaceutical campaigns. The “Royal Euro Club Casino“ took first place in December 2009 with a share of 6.6 percent of all spam e-mail. By January 2010, however, a variety of campaigns claiming to be about “Pfizer“ and “Viagra“ – and generally promising discounts of up to 80 percent on the purchase price of the products – had taken the lead with a share of 17.4 percent of all e-mail. In comparison with December, the volume of pharmaceutical spam doubled in January.

In general, the lifespan of a typical spam campaign is decreasing: campaigns continue for short periods of time and are quickly replaced by a new campaign with a similar topic. This development can be observed with pharmaceutical spam in particular, and is a reaction by spammers to the adaptations made to many spam filters that have resulted in better spam detection of the various predecessor campaigns. In addition, the URL links used in these spam messages are often active for only a very short time, in some cases less than an hour.

Event spam

The trend continues of distributing spam and malware with a connection to current events, even though the share of event spam in the total e-mail volume remains modest (under 10 percent), since event spam waves are usually very short. In December, Christmas-related campaigns took the lead, particularly in the area of malware. The latter involved what purported to be e-cards, but were actually a front for Trojans. January 2010 saw a few campaigns in conjunction with the introduction of the Apple iPad, and at the end of the month, the first Valentine’s Day waves appeared.

Sources of spam

The world’s largest sender of spam is now the USA, which took the lead from Brazil in January. 9.4 percent of all spam e-mail was distributed from IP addresses in the USA, 9.0 percent from Brazil and 6.6 percent from Germany, followed by India, Vietnam and Romania. In December, Brazil led with 10.2 percent, and the USA (7 percent) and India (5.8 percent) took second and third place. By comparison, in November 2009 Brazil’s lead (over 16 percent) was much more significant.

Phishing

In December and January, phishers targeted primarily credit card data and online payment systems. The largest campaigns affected PayPal and VISA accounts. And the trend toward greater professionalization of phishing approaches also continued: In terms of both layout and content, phishing e-mail messages could scarcely be distinguished from legitimate messages. In addition, eleven’s experts observed once again that several mailings were aimed obtaining access data for social networks, particularly Facebook.

Malware

Malware saw a continuation of the trend toward very short but very intensive waves. Trojan horses dominated with a share of more than 75 percent of all malware. Trojans themselves do not harm infected computers, but they serve as gateways for viruses, worms and bots, which add a hijacked computer to a botnet typically used to send spam. In the lead were the dropper DR/Delphi.Gen with 41.9 percent, followed by TR/Dropper.Gen (23.5 percent), and the backdoor Trojan TR/Crypt.XPACK.Gen (9.6 percent) from the Bredolab family. These malware attempts were generally disguised as important messages: particularly affected were services for parcel delivery (UPS, DHL) and money transfers (Western Union).

eleven E-Mail Security Report:

Six times a year, the eleven E-Mail Security Report summarizes current figures and trends on the topics of spam and malware. The eleven research team analyses the spam and virus e-mail that is checked by eleven’s Managed E-Mail Security Services, summarizes the results and interprets them. eleven checks more than a billion e-mail messages daily and has a network of more than 30,000 installations around the world.

eleven – e-mail security made in Germany

eleven is Germany’s leading e-mail security provider. eXpurgate is the world’s only spam filter and e-mail categorisation service that offers reliable protection against spam and phishing e-mails, recognises potentially dangerous e-mails and differentiates between individual e-mails and any kind of bulk e-mail.  What’s more, eXpurgate also offers a powerful e-mail firewall and a comprehensive range of options for protecting against viruses.

More than 30,000 businesses of all sizes use the eXpurgate service. eXpurgate checks and categorises over 1 billion e-mails every day.  Alongside ISPs and carriers such as T-Online, O2, Vodafone and freenet, eleven’s client base includes many well-known companies and public institutions such as Air Berlin, the Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, Mazda, RTL, ThyssenKrupp and Tobit Software.  Further information can be found at www.eleven.de.

Contact

eleven GmbH
Sascha Krieger
Hardenbergplatz 2
10623 Berlin
Germany
Phone: +49 (0)30 / 52 00 56-0
E-Mail: presse@eleven.de
http://www.eleven.de

consense communications gmbh
Eva Buschmann
Analena Gmelch
Nymphenburger Straße 86
80636 München
Germany
Tel.: +49 (0)89 / 23 00 26-50
http://www.consense-communications.de