eleven E-mail Security Report for June 2012: Explosive growth in malware in May 2012
The number of malware e-mails swells by a factor of ten in a single month – Spam also increases by 17% – Instances of phishing also continue to rise
Berlin, June 7, 2012 – The months of April and May 2012 were shaped by a significant increase in malware, phishing and spam. These were the results of the eleven E-Mail Security Report for June 2012 presented today by leading German e-mail security provider eleven. There was an explosive rise in the number of virus-infected e-mails: the volume of known malware swelled by more than a factor of ten, growing by 927.4% from April to May, while virus outbreaks more than tripled, up by 251.6%. However, the volume of spam e-mails was also back on the rise following a slight decline of 3.7% in the first quarter of 2012. In May alone, occurrences of spam grew by 17.3% (see image). Phishing attacks continued to rise with instances up by 23.6% in May after overall increase of almost 170% in the first quarter. Germany is now experiencing a ‘comeback’ of sorts as one of the largest senders of spam e-mail in the world, returning to the top-ten list of spammers in May for the first time since the Rustock botnet was shut down in march of 2011.
An overview of other key trends:
- One factor contributing to the increase of spam in April and May was the continued trend of using public holidays and major events as an occasion or cover for spam campaigns. In addition to numerous waves of spam in the run-up to Mother’s Day, the Olympic Games in London were already having an influence on spam activities in May. In particular, fake ticket lotteries were often used as a vehicle for spam and phishing e-mails. It is fair to assume that this trend will become significantly more prevalent until the Games start on July 27, 2012.
- The tendency towards using campaigns that specifically target users in certain countries also continued to become more widespread in April and May 2012. In addition to phishing attacks, however, there was a focus on traditional spam. Since the start of the year, the research team at eleven has observed a marked increase in the volume of spam advertising male potency drugs and written in good German. This means that spam activities are also becoming increasingly region-specific – a trend that has been observed for a long time in phishing and malware campaigns.
- The geographic distribution of spamming continued to spread out noticeably in April and May 2012. The top-ten list contains four Asian countries, but both Eastern Europe and Latin America occupy two places, and there are two developed Western nations in the ranking, specifically the USA (position 6: 3.8%) and Germany. India retained its position at the top as the origin of 11.0% of all spam, followed by Vietnam (6.2%) and Brazil (5.9%). (see image)
- For the first time since the Rustock botnet was shut down in March 2011, Germany returned to the top-ten list of spammers in May 2012, occupying tenth position and accounting for 2.8% of the world’s spam. Also featuring in the ‘comeback’ of developed Western nations were the USA, which ranked sixth, and France, which took seventh place in April (4.5%).
- Despite the increase in spam e-mail occurrences, the proportion of actual spam fell between March and May 2012 from 72.9% to 67.4%. The main reason for this development was the sharp rise in other types of e-mail, particularly malware-infected e-mails.
- The big ‘winner’ when it came to the subject of spam e-mails was fake luxury items, which more than doubled their share from 6.9% in April to 14.0% in May 2012, managing to secure third place in the spam league table. Pharmaceuticals retained their top position despite experience a decline from 43.1% to 34.4% in the same period. Casino spam took second place with a share of 15.8% in May. (see image)
- The explosive increase in malware can once again be traced back to Trojan horses above all else. In addition to well-known culprits such as Zbot, the eleven research team observed a strong wave of less widespread malware, including the Matsnu, Bublik and Gypikon Trojans. Fake delivery notifications, mobile phone bills and order statements were once again popular tricks. However, there were also incidents of blackmail which threatened recipients with legal action and purported to have photographic evidence attached. However, the attachment was a Trojan.
and on the eleven website at http://www.eleven.de/eleven-security-reports.html.eleven on Twitter: http://twitter.com/elevensecurity
eleven – E-mail security "Made in Germany"
eleven is a leading e-mail security provider based in Germany. Its eXpurgate technology, which is unique worldwide, offers a spam filter and e-mail categorization service that protects the user reliably from spam and phishing, detects potentially dangerous e-mail and can distinguish between individual messages and any kind of mass e-mail. eXpurgate also offers numerous virus protection options and a powerful e-mail firewall.
Over 45,000 companies of all sizes use eXpurgate to check and categorize more than a billion e-mail messages every day. Customers include Internet service providers and telecommunication carriers such as T-Online, O2, Vodafone and freenet as well as many well-known companies and public institutions, including Air Berlin, the Federal Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, Mazda, RTL, ThyssenKrupp and Tobit Software AG. For more information, visit our website at: http://www.eleven.de.
Phone: +49 (0)30 / 52 00 56-278