Slightly more spam, even more insidious techniques: Kaspersky Lab
By Digital News Asia May 16, 2013
- Spammers switched to techniques that were once well known but have fallen into disuse
- Been exploring possibilities of legal services and are now using them to bypass filtering
IN the first quarter of the year (Q1 2013), the amount of unsolicited correspondence in email traffic grew slightly (+0.53 percentage points) and averaged 66.55%, according to the latest spam report by Kaspersky Lab.
The increase in the proportion of emails with malicious attachments was also small, reaching 3.3%, while the share of phishing emails fell 4.25 times to 0.0004%.
In Q1 2013, spammers switched to techniques that were once well known but have fallen into disuse, Kaspersky Lab said in a statement.
“In Q1 2013, the percentage of unsolicited correspondence in mail traffic fluctuated from month to month, although the average figure remained practically unchanged from the previous quarter,” said Tatyana Shcherbakova, senior spam analyst at Kaspersky Lab.
“We expect the share of spam to remain at its present level in the future or grow slightly due to the recent increase in the number of multimillion mass mailings.
Spammers revived the use of the once-popular method of creating background noise known as ‘white text.’ This method involves adding random pieces of text (this quarter they were sections of news reports) to the email. These insertions are in light grey font against a grey background and are separated from the main text of the ad with a lot of line breaks.
The scammers expect content-based spam filters to regard these emails as newsletters and, besides, the use of random news fragments makes each email unique and thus difficult to detect.
In addition, spammers have been exploring the possibilities of legal services and are now using them to bypass spam filtering. The actual address to which the malicious link leads is masked by two legal methods at once.
Firstly, the spammers used the Yahoo URL shortening service and then processed the subsequent link through Google Translate. This service can translate webpages in the user-specified link and generate its own link to that translation.
The combination of these techniques makes each link in the mass mailing unique and furthermore the use of the two well-known domains adds ‘credibility’ to the links in the eyes of the recipient.
In the first quarter of 2013, several high-profile events occurred: Venezuelan President Hugo Chavez died, Pope Benedict XVI resigned and the new Pope Francis was officially inaugurated, Kaspersky Lab noted.
As usual, such events did not go unnoticed by spammers. There were many mass mailings which imitated BBC or CNN news reports and the users’ curiosity was aroused by the promises of sensational photos and video footage.
“Spammers keep trying to draw users’ attention to their messages: They use famous names, world events or fake notifications from popular online resources,” said Shcherbakova.
“Many emails contain links to malicious programs, including exploits. We would like once again to remind users not to click the links in emails, even if the sender appears to be someone you know. It is much safer to enter the address in the browser manually,” she added.
China (24.3%) and the US (17.7%) remained the most active spam distributors. South Korea came third with 9.6% of all distributed spam in Q1 2013.
Interestingly, the spam originating from these countries targets different regions: Most Chinese spam is sent to Asia while junk mail from the United States is mainly distributed in North America. Unsolicited messages from South Korea, meanwhile, go chiefly to Europe.
To download the full Kaspersky Lab spam report, click here.