What Do India, Rolex, and Viagra Have in Common?

spamcartoon3AIt may sound like the setup for a cheesy punch line, but just for fun, try it out on your friends. What do India, Rolex, and Viagra have in common? The answer? They’re all invading your inbox. The venerable folks at Cisco have just released their 2013 Annual Security Report, and as you might expect, it contains a wealth of information detailing all the ways the cyberpunks, crooks, scammers, and spammers are working hard to make your day more memorable.

Some of the highlight points of the article are head turners, for sure:

  • Android malware has grown 2577% over 2012
  • Mobile only makes up 0.5% of total web malware encounters
  • Online advertisements are 182 times more likely to deliver malicious content than pornographic sites
  • Global spam volumes are down 18% overall, with spammers keeping banker’s hours for a 25% drop over the weekend

Banker’s hours, huh? Yet another reason to hold disdain and contempt for spammers. Of course, not all the information contained in the Cisco report is eyebrow-raising, although it’s still very interesting. We’ve known for awhile that India’s contribution to the world includes more than delicious curry and high-tech prowess. The country continues to top the list of the world’s biggest sources of spam. The breakdown of the top ten spam producing countries is as follows:

  1. India 12.3%
  2. United States 11.38%
  3. Korea 4.6%
  4. China 4.19%
  5. Vietnam 4.0%
  6. Russia 3.88%
  7. Brazil 3.6%
  8. Saudi Arabia 3.6%
  9. Taiwan 2.94%
  10. Poland 2.72%

Again, there are few surprises in the list; however, the U.S. has solidly taken prominence in its contribution to spam volumes, having moved from sixth spot to second. And it is interesting to see Korea and Vietnam place so prominently, while the absence of countries that tend to show up on these lists – like Canada and Nigeria – is notable.

Spam volumes, the report states, continue to be on the decline, but Cisco’s research notes that “spam remains a go-to tool for many cybercriminals, who view it as an efficient and expedient way to expose users to malware and facilitate a wide range of scams.” In fact, despite the perception that spam deploys malware payloads through its email attachments, in fact, “Cisco’s research shows that very few spammers today rely on this method; instead, they turn to malicious links within the email as a far more efficient distribution mechanism.”

The report also notes that spam is more targeted and less “scattershot” than in the past, “with many spammers preferring to target specific groups of users with the hope of generating higher returns.” Name brand pharmaceuticals (like Viagra) and luxury watch brands (like Rolex) are highly-promoted items, while spammers use events and holidays to promote most heavily. “Over time, spammers have learned that the quickest way to attract clicks and purchases—and to generate a profit—is to leverage spoofed brands and take advantage of current events that have the attention of large groups of users.”

Overall, there was an 18% decline in spam volumes between 2011 and 2012. Cisco points out that spammers continue to minimize effort and maximize results. Spam volumes fall on the weekends, when users are AFK, and rise on Tuesdays and Wednesdays (10% higher than other weekdays), proving that spammers, too, believe that Mondays are useless and need to be done away with.

Cisco notes that this schedule allows spammers to live ‘normal lives,’ but that “it also gives them time to spend crafting tailored campaigns based on world events early in the week that will help them to generate a higher response rate to their campaigns.” The report points out that there were several examples in 2012 of spammers taking advantage of world events and human tragedy with the intent of scamming email users. Superstorm Sandy is one significant example, where “Cisco researchers identified a massive “pump and dump” stock scam based around a spam campaign. Using a pre-existing email message that urged people to invest in a penny stock focused on natural resource exploration, the spammers began attaching sensational headlines about Superstorm Sandy.” Oddly enough, the spammers used unique IP addresses to send batches of spam emails, and have not used those addresses since.

Language use was notable, too. Spammers, Cisco discovered, “focus their efforts on creating spam messages that feature the languages spoken by the largest audiences who use email on a regular basis.” According to Cisco research, the top languages used in spam messages during 2012 were English, Russian, Catalan, Japanese, and Danish.

Leave a Reply