Report: USA an Oasis for Spam

It’s no secret that the US has been a darling for spammers. One of the world’s largest economies makes for a prime target, especially considering the connected nature of the United States. It’s a big target that just can’t be ignored, and the venerable folks at Kaspersky Lab has seen a significant change in the malicious traffic honing in on the US.

In its report, Spam in Q1 2014, Kaspersky catches us up on what’s been happening in the world of spam since their annual report issued in January. As usual, there’s plenty to talk about, so let’s take a look at some of the notables.

First, the United States has seen a significant increase in malicious emails, undergoing some changes since the third quarter of 2013. According to Kaspersky, the US has gone from number three in 2013 (after the UK (9.9%) and Germany (9.6%)) to number one, tipping the scales at 14% , making it the most targeted country for malicious email. That number is up by 3.68%, while the UK (2.27%) and Germany (1.34%) are both down.

The top sources of spam email remains unchanged. China is still in first place and down a modest -0.34%, while the US ticks in at two, up 1.23%, and South Korea is number three and down -0.91%.

Email spam targeting mobile users continues to take the spotlight, and to no-one’s surprise, Android is still a prime target for criminals. But in Q1, Kaspersky spotted a new trend: spam messages are imitating messages from mobile applications. According to Kaspersky, “spammers especially like the cross-platform mobile application WhatsApp: notifications sent on behalf of this application were used by spammers to spread both malware and standard adverts.” This is certainly a troubling development, and while it’s not surprising, it is worth mentioning that spam crossover between mobile and desktop platforms is inevitable and represents yet another danger to anyone who uses email, and anyone concerned with the security of small to enterprise grade networks.

In January, Kaspersky saw a mass mailing that contained an image masquerading as a message from WhatsApp. “An alert user would have queried why this notification had arrived via email as the WhatsApp account is not directly associated with the email box. However, many users are used both to synchronization of their contacts and to the fact that messages from mobile applications can arrive via email so this notification would not surprise the majority of users.” The attachment was nasty, too, containing the Backdoor.Win32.Androm.bjkd exploit, a known backdoor that’s used to infect systems with other malware. They also saw another mass mailing in March that, when the link is clicked, sends the user to a legitimate site that has a JavaScript redirect injected into the site.

Overall spam traffic was down in the first quarter, coming in at 66.34%, down 6.42 percentage points from Q4 2013. However, the report notes, “compared with the same period of Q1 2013, the share of spam in Q1 2014 barely changed, falling by only 0.16 pp.” This is no surprise, as the amount of overall spam continues to hover around 60-70%. The real threat with modern spam is the targeted nature of the messages and the increasingly dangerous way in which spammers are finding new ways to get their victims to click.

Kaspersky also talks about ‘background noise,’ where spammers add random characters and text passages. This method increases the chance that the messages will get to the inbox, and spammers aren’t afraid to pull old but tried-and-true tricks. “Spammers usually try to hide the random text from the user. These old methods, such as placing white text on a white background or simple separation of the “noisy” text from the main content by numerous line breaks, are still widely used by spammers even though these tricks are as old as spam itself.”

But cybercrooks are also continuing to be innovative, using new tricks that reflect some advanced techniques, Kaspersky points out. “One of [the tricks] is to create background noise with HTML tags. This method ensures that the user will not see anything other than the main content while for the spam filter each email will be unique.”

The size of spam messages are predominantly under 1 KB, at about 75% of all sent messages. Kaspersky noted that January saw growth in emails running at 10-20 KB, but this is most likely due to holiday mass mailings, when messages usually contain pictures.

All in all, it’s pretty disturbing stuff, but a must-read as you forge ahead with your security efforts in 2014.

Leave a Reply