Kaspersky Lab recently said that the amount of unsolicited correspondence in email traffic grew slightly by 0.53 percent and averaged 66.55 percent in the first three months of 2013, according to its latest spam report.
“In first quarter 2013, the percentage of unsolicited correspondence in mail traffic fluctuated from month to month, although the average figure remained practically unchanged from the previous quarter,” said Tatyana Shcherbakova, senior spam analyst of Kaspersky Lab.
The increase in the proportion of emails with malicious attachments was also small, reaching 3.3 percent, while the share of phishing emails fell 4.25 times to 0.0004 percent.
In the first quarter of 2013, spammers switched to techniques that were once well known but had fallen into disuse. They revived the use of the once-popular method of creating background noise known as “white text.”
This method involves adding random pieces of text (this quarter they were sections of news reports) to the email. These insertions are in light gray font against a gray background, and are separated from the main text of the ad with a lot of line breaks.
“We expect the share of spam to remain at its present level in the future or grow slightly due to the recent increase in the number of multimillion mass mailings,” Shcherbakova said.
The scammers expect content-based spam filters to regard these emails as newsletters and, besides, the use of random news fragments makes each email unique and thus difficult to detect.
In addition, spammers have been exploring the possibilities of legal services and are now using them to bypass spam filtering.
The actual address to which the malicious link leads is masked by two legal methods at once. Firstly, the spammers used the Yahoo URL shortening service, and then processed the subsequent link through Google Translate.
This service can translate web pages in the user-specified link and generate its own link to that translation. The combination of these techniques makes each link in the mass mailing unique, and furthermore the use of the two well-known domains adds “credibility” to the links in the eyes of the recipient.
In the first quarter of 2013, several high-profile events occurred: the Venezuelan President Hugo Chavez died; Pope Benedict XVI resigned; and the new Pope Francis was officially inaugurated. As usual, such events did not go unnoticed by spammers.
There were many mass mailings which imitated BBC or CNN news reports, and the users’ curiosity was aroused by the promises of sensational photos and video footage.
China at 24.3 percent and the United States at 17.7 percent remained the most active spam distributors. South Korea came in third with 9.6 percent of all distributed spam in the first three months of 2013.
Interestingly, the spam originating from these countries targets different regions: most Chinese spam is sent to Asia; while junk mail from the US is mainly distributed in North America, thus its major part can be considered internal spam. Unsolicited messages from South Korea, meanwhile, go mainly to Europe.
Kaspersky said that spammers keep trying to draw users’ attention to their messages—they use famous names, world events, or fake notifications from popular online resources. Many emails contain links to malicious programs, including exploits.
“We would like once again to remind users not to click the links in emails, even if the sender appears to be someone you know. It is much safer to enter the address in the browser manually,” Shcherbakova said.
Rosalie C. Periabras