Q3 Trend Report Highlights Real-Time Malware Campaigns and Increase in Phishing

The third quarter of 2013 saw further use of real-time malware campaigns and a dramatic increase in phishing sites, according to the Q3 Internet Threats Trend Report issued by Commtouch.  

Overview

The ever-growing exploitation of current news events continued in Q3. The time between the news event and the related malware attack has steadily decreased throughout the year and now averages only 22 hours. Real-time malware campaigns in Q3 used news of royal baby Prince George, NSA whistleblower Edward Snowden, and the Syria crisis.

The number of phishing sites increased dramatically during Q3 by almost 35%. PayPal phishing sites alone accounted for approximately 750 new phishing sites each day.

The number of malicious websites listed in Commtouch’s GlobalView URL database decreased slightly, by 5%. Travel websites were the most popular website category for malware distributors, followed by transportation and business websites. Education, which was number one in Q2, fell to number six.

Spam Levels

In the third quarter of 2013, spam levels continued to drop. The average daily amount of spam for the quarter was 69 billion messages compared to the second quarter’s 83 billion – a drop of approximately 17%. Although the quarterly level is the lowest in more than four years, the average per month had been increasing since June’s historic low of 63 billion messages per day until the drop in September. During Q3, spam represented 70% of all emails sent globally, dropping as low as 62% at the start of August.

Spam Q3 2013

Spam Topics

The most popular spam topic was dieting, with a share of 40.2% (in Q2 it was in third position with 10.8%). Stock spam moved from 7th position (4.7%) in Q2 to 2nd position (20%); so-called penny stock spam appeared on a regular basis in the last quarter.

Spam Topics Q3, 2013.

After stock spam, the “other” category took third position, followed by “Pharmacy Products”, which fell to fourth position from second in Q2.

Although dating only reached fifth position in Q3, there were several campaigns on that topic. The content of such campaigns, and the mix of words used, can be seen in the following word cloud:

Word cloud on dating campaigns in Q3

Spam – Countries of Origin

Belarus is again the number one spamming country (6.7%), but with only half as many spam emails as in Q2 (14.7%). After topping the spam list in the first quarter of 2013, the United States fell to second place in Q2 (6.3%) and stayed there in Q3 (6.4%). The United States is followed by India (6.2%). There is only a small gap between Italy (position four with 5.47%) and Argentina (position five with 5.41%). Positions six to eight are held by Spain (5.1%), Taiwan (3.6%) and Peru (3.4%). Colombia (3.3%) and Iran take positions nine and ten.

Countries of Origin

Malware

The average daily amount of malware found in emails remained almost unchanged compared to last quarter at nearly 2 billion emails per day. This average hides the steady increase from July to September which included outbreaks of double the daily average.

Commtouch Security Labs saw numerous repeating email-malware campaigns in Q3. As usual, the emails and notifications were sent in the name of big companies and brands, but included a malicious email attachment and in some cases, also a link to an infected website. The brands used in the attacks included:

  • Apple – an “Apple Store Gift Card” from August had a virus attachment as well as a malicious link in the message body. The gift card amount varied per email.
  • Burger King – with a coupon titled: “THE KING CELEBRATES SPRING!”
  • KFC – with a “KFC for Lunch” coupon
  • Walmart
  • UPS – parcel notifications – attached malware identified by Commtouch as: W32/Trojan.HATG-6756
  • DPD – a big logistics company in Germany, with emails written in German and targeting German users
  • MoneyGram – the transaction sum varied a bit per email

Zombie Botnets

India remains the world’s top zombie host. During the third quarter of 2013, India stayed in first place with the most spam-sending bots, although its share dropped by 6% to 13.2%. Russia appeared to absorb most of this percentage and moved from 8th place into 2nd. New entries include Ukraine, Saudi Arabia, and Spain, while the United States, Serbia, and Mexico dropped out of the top 15.

spam zombies Q3

Background

The Commtouch Security Lab’s quarterly report is compiled based on a comprehensive analysis of billions of daily transactions handled by Commtouch’s GlobalView Cloud.

To view the entire Commtouch Q3 Internet Threats Trend Report, visit:
www.commtouch.com/threat-report