Spammers hit the cloud
Spam increased globally in Q2 2011 as spam networks recover from take-down
Spammers began to hit cloud services in Q2 2011, with Kaspersky Lab seeing several instances of emails containing links to Google cloud services, which redirected users to advertising sites or phishing pages.
According to Kaspersky, users are less likely to suspect pages like these because they are located on popular resources and the connection is performed via the HTTPS protocol, which supports encryption.
The share of spam in mail traffic averaged 82.5% in Q2 2011, an increase of 3.9 percentage points compared to Q1 and 0.3 percentage points higher than the average figure for 2010.
Spam networks that were taken down by internet security companies last year are slowly recovering, which accounts for the spam increase. Since the closures, spammers have had to apply a new set of tactics to stay in business.
Q2 2011 saw an increase in the number of botnets, although they were quite small and none accounted for such large shares of spam traffic as Cutwail or Rustock did in the past.
According to Kaspersky Lab, this is because either the spammers have not yet increased their capacity to the point where they can send millions of spam emails daily, or they are deliberately not risking everything on a single major botnet.
Sources of spam messages were more evenly spread out in Q2 2011. Unlike in the past, when three countries were regularly responsible for half of all world spam, zombie machines used to spread spam emails are now located in almost every country of the world.
Spammers' geographical expansion is now complete, with no territories left untouched by the botmasters.
In Q2 2011, spam was sent almost exclusively from developing countries. India was at the top of the list with an increase of 4.26 percentage points in spam sending, Brazil increased by 3.14 percentage points and Indonesia was up 1.66 percentage points.
India's total contribution to spam volumes in Q2 was up by five percentage points compared to Q1 and totalled 14.06%.
Kaspersky Lab said that this is due to the presence of millions of unprotected, unpatched machines that can remain active in zombie networks for long periods of time, making India a happy hunting ground for botmasters.
The US also remains a comfortable place for the creators of botnets.
"Developing countries are attractive for botmasters due to the absence of effective anti-spam legislation and low IT security levels, while developed countries are of interest because of their fast, widely available Internet connections," said Darya Gudkova, head of Content Analysis & Research at Kaspersky Lab. "Therefore, it comes as no surprise that the US remains a very attractive bridgehead for cybercriminals creating botnets. The US may well have dropped out of the group of leading spam senders following the anti-botnet campaign by law enforcement agencies in autumn 2010, but after the command centers of a big botnet were closed, the cybercriminals started to create a new one almost straight away."
In February, the majority of malware sent to the US consisted of banking Trojans, designed to steal users' financial data or to extort money from users. However, in March and April more than half of the Top 10 entries were Trojan downloaders for installing malware on a user's computer that added the infected machine to a botnet.
Emails containing malicious attachments continued to increase in Q2 2011: the average percentage of emails with malicious attachments increased by nearly 0.81 percentage points, reaching 3.86%.
Some of the worms detected not only collected email addresses and distributed themselves via mail traffic, but also installed other malicious programmes once they had penetrated a victim's computer.
Malicious attachments were found most frequently in email traffic received in Russia, at 12.5% of emails. The US came second with 12.21%, an increase of 1.8 percentage points compared with Q1. Vietnam was third, accounting for 7.43% of all email antivirus detection activity, an increase of 0.46 percentage points.