Updated on February 19th, 2013
Symantec Corp. recently released its January Symantec Intelligence Report, which basically shows that spammers are using holidays and major events to make their mail more appealing.
For the New Year event alone, the report claims that more than 10,000 unique domain names have been compromised with a redirect script written in PHP that contains a reference to the New Year in the file name. These redirect scripts were hosted on compromised Web sites and links to these were included in spam emails, which were subsequently blocked by Symantec.cloud. Symantec Intelligence expects to see spammers taking advantage of other upcoming “calendar events” such as the fast-approaching Valentine’s Day.
To make the mails more appealing, spammers allegedly used additional social engineering techniques by including parameters in the URL to suggest that the destination is a social networking site.
“We also expect to see plenty of spam and malware taking advantage of some of the major upcoming sporting events this year. We are already seeing references to the Summer Olympics in London as part of 419 or advance fee fraud messages,” said Paul Wood, senior intelligence analyst, Symantec.
Here are the other highlights of Symantec’s report:
Spam: In January 2012, the global ratio of spam in email traffic rose by 1.3 percentage points since December 2011, to 69.0 percent (1 in 1.45 emails). This follows a more noticeable drop in December when spam fell by 2.8 percentage points to 67.7 percent. The recent increase means that spam has almost returned to the same level as in November 2011.
Phishing: In January, the global phishing rate increased by 0.06 percentage points, taking the average to one in 370.0 emails (0.27 percent) that comprised some form of phishing attack.
E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 295.0 emails (0.33 percent) in January, a decrease of 0.02 percentage points since December 2011. In January, 29.0 percent of email-borne malware contained links to malicious Web sites, unchanged since December 2011.
Web-based Malware Threats: January saw an average of 2,102 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; a decrease of 77.4 percent since December 2011.
Endpoint Threats: The most frequently blocked malware for the last month was WS.Trojan.H. WS.Trojan.H is generic cloud-based heuristic detection for files that posses characteristics of an as yet unclassified threat. Files detected by this heuristic are deemed by Symantec to pose a risk to users and are therefore blocked from accessing the computer.