Spam in February: Become Part of a Major Botnet

March 24, 2014

ABINGDON, England, March 24, 2014 /PRNewswire/ –

Kaspersky Lab today reveals its Spam analysis for February 2014. It found that many
malicious attachments in February’s spam came in emails allegedly sent by women who wanted
to make new friends in the run-up to Valentine’s Day. Some attackers went even further by
trying to hook recipients with the promise of explicit photos in archives attached to
messages. There were also more conventional malicious mass mailings imitating
notifications from popular social networking sites, including Facebook.

February’s love-themed malicious spam was dominated by Trojans, as the cybercriminals’
mass mailings targeted credulous users with a Trojan-Dropper. The Trojan installs two
malicious programs on the system – one is spyware that steals all document files (*.docx,
*.xlsx, *.pdf) from the computer and sends them to a specific mailbox; the other is an
IRC bot/worm called ShitStorm which can carry out DDoS attacks on websites and spread
copies of itself via MSN and P2P services. If recipients respond to this sort of email,
their computer can easily become part of a botnet. In addition to Trojan spyware, this
month’s malicious spam included ransomware – a type of malware that blocks the user’s
computer and then demands money to unblock it. The explicit photos also turned out to be
malicious programs and among them was the Andromeda backdoor that allows cybercriminals to
secretly control a compromised computer.

Yet another malicious program imitated notifications from major social networking
sites. Messages allegedly sent on behalf of Facebook informed recipients that a lot had
happened on friends’ news feeds since they last visited the site and they were prompted to
open the attached archive to find out more. The archive contained the backdoor from the
aforementioned Andromeda family.

Meanwhile, ‘Nigerian’ scammers could not pass up the opportunity to exploit the
situation in Ukraine and the tragic events that followed in order to cheat users out of
their money. They cited some familiar stories about unfortunate tourists in Kiev who had
all their money stolen, followed by a request for financial assistance.

The share of spam in email traffic

- The proportion of spam in email traffic in February increased by 4.2
  percentage points compared to the previous month and averaged 69.9 per cent - 1.2
  percentage points less than in February 2013.

Sources of spam

- China (23 per cent) returned to the top of the rating, followed by the USA
  (19.1 per cent) and South Korea (12.8 per cent). The UK accounted for less than 1 per
  cent (0.69 per cent) of spam.

- Top 3 types of organisations targeted most frequently by phishers were:
  social networking sites (27.3 per cent), email services (19.34 per cent) and e-pay
  organisations (16.73 per cent). Kaspersky Lab specialists also came across fraudulent
  notifications in February that claimed to be from the Malaysian Hong Leong bank.

“Phishing emails that use the names of major financial and e-payment organisations
from different countries are being actively spread by scammers to steal personal financial
information. A successful attack usually gives the phishers full access to the victim’s
personal account on the banks’ website,” says Tatyana Shcherbakova, Senior Spam Analyst at
Kaspersky Lab.

The full report is available at securelist.com.
[http://www.securelist.com/en/analysis/204792328/Spam_report_February_2014 ]

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection
solutions. The company is ranked among the world’s top four vendors of security solutions
for endpoint users*. Throughout its more than 16-year history Kaspersky Lab has remained
an innovator in IT security and provides effective digital security solutions for large
enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the
United Kingdom, currently operates in almost 200 countries and territories across the
globe, providing protection for over 300 million users worldwide. Learn more at


* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue
by Vendor, 2012. The rating was published in the IDC report “Worldwide Endpoint Security
2013-2017 Forecast and 2012 Vendor Shares” (IDC #242618, August 2013). The report ranked
software vendors according to earnings from sales of endpoint security solutions in 2012.

Contact: Alice Collins – +44-(0)118-909-0909

SOURCE Kaspersky Lab

Source: PR Newswire
