In the second quarter of this year, many corporate internet users received harmful e-mails. Usually these messages looked like automatic replies, such as notifications of undelivered mail or receiving fax or scan. If the employee does not read the message thoroughly, he may assume that the message is valid and open its annex activating a damaging program. In the period mentioned above, experts from Kaspersky Lab have recorded an increase in amount of internet cards with dangerous annexes. Such messages were popular in the past but nowadays they are rare. Nevertheless, the second quarter has proven to be unusually abundant in this type of e-mails. Kaspersky Lab has detected such messages with the help of American company Hallmark.
Moreover, spammers seem to have been inspired by some of the tricks from the first quarter of the year, when they used the so called white text. It takes its name from lines of white text, invisible to the reader as it is of the color of the background, added at the end of the message. It is designed to trick spam filters into validating these e-mails as newsletters. There were similar messages sent in the second quarter of the year, this time however authors didn’t hide the text in the background but simply separated it from the annex with many empty lines.
Second quarter in numbers
The percentage of spam in general e-mail activity has increased by 4,2 percent in relation to the first quarter and reached the level of 70,7 percent. In global e-mailing activity, the proportion of phishing messages has decreased to 0,0024 percent.
The most spam was sent from China (23,1 percent), United States (16,8 percent) and South Korea (12,6 percent). However, their share in general distribution has decreased by 1,2, 0,9 and 3 percent respectively.
Dangerous messages are of a very small size, usually below 1 KB. The percentage of such messages has increased in relation to the previous quarter to 73,8 percent.
The number of e-mails with harmful annexes has increased to the point of 2,3 percent of the entire e-mailing movement. The most popular are attempts to steal data, especially those giving access to online banking accounts. In the period described, the structure of phishing attacks has changed as financial organizations have become their priority targets instead of social media as it has been in the past. Senders of this type of messages have started sending harmful e-mails with hidden Trojans which steal names and passwords of the users. Among the dangerous annexes are Facebook and other social media forms as well as imitations of official bank messages.
Recently, spammers have started sending e-mail messages which included harmful annexes imitating notifications of undelivered mail sent by e-mail servers. Another popular trick is sending harmful messages similar to notifications from well-known online resources and adding links to infected internet sites – claims Daria Gutkowa, head of analysis and content research in Kaspersky Lab. A significant amount of spyware software, inside annexes of a harmful spam, makes for a negative trend. Dangerous users are in constant search for personal data, user names and passwords including those for online payment and banking systems. Kaspersky Lab strongly advises users to remain cautious, even when having received e-mails which seem valid – states Daria Gutkowa.