Bank Holidays?
May has definitely not been as drab and dreary as showery April. Although the overall picture of spam, ham and viruses has not changed dramatically, the breakdown of each is interesting: the amount of ham seen has decreased from last month by ~3%, with spam gaining this percentage. Phishing activity is continually increasing, but we haven’t seen anything particularly exciting. It has also been a while since we saw a new virus in the wild, but May brought a change: a new virus and several of its variants were detected between the middle and end of the month.

World of Spam
The geographical breakdown for spam, viruses and phishing emails for May can be seen below.

China has been catching up with the US for a while, and it has now finally overtaken the US to take the number one place for relaying spam. By comparison, 6 months ago China was at 7.11%.
The drop in statistics from the US could be due to better legislation and penalties for spammers. The UK was in 4th place 6 months ago and is now in 10th place - have UK users started to secure their computers better?
Spam: No honour among thieves
The following picture shows, for each day in May, the relative proportions of email: Spam, ham, and viruses received.

Confirming last month’s theory that spammers don’t work on weekends, the graph above shows a significant drop in spam on May 1st and May 29th - these are both bank holidays in the US and UK - and are as low as the weekend rates.
It seems the tide has turned: spam sponsors are finally paying for years of spamming innocent victims. This story in the Washington Post (How Many Spams Can a Scammer Scam If a Spammer Can Scam Spams?) is based on e-fraud, but what is interesting about it is that the people stealing credit card details are scamming the spammers.
A team of spammers, sponsored by a larger outfit, would send out masses of email selling products such as Viagra, Cialis, etc. These products are then bought by carders (those who steal/clone credit cards), which generates extra revenue for the spammers. Conversely, it costs the spam sponsors, as they have to pay back charges to the victims of the credit card fraud (chargebacks) and pay higher prices to the bank due to this activity on the credit card.
| Position | Country | Percentage |
|---|---|---|
| 1 | United Kingdom | 66.11% |
| 2 | Canada | 6.4% |
| 3 | Switzerland | 4.88% |
| 4 | United States | 3.21% |
| 5 | Spain | 2.09% |
| 6 | China | 1.72% |
| 7 | India | 1.55% |
| 8 | Ireland | 1.26% |
| 9 | France | 1.16% |
| 10 | Italy | 1.02% |
Phishing: Phalse Impression
In May, 1 in every 180 emails was a phishing attack. Yet again, we see an increase in phishing attacks, which have been increasing constantly since the beginning of this year.

As with April, phishing emails were mainly aimed at Barclays customers, who have seen an increase in activity of 10%. PayPal and eBay came second and third respectively. It is interesting that these two appear one after the other, which might indicate a correlation between the two attacks: PayPal is a subsidiary of eBay, with users buying items from eBay being directed off to a fictitious PayPal site, and vice versa.

Virus Activity: Twist in the tale
Overall, the number of viruses in May has increased from the amount seen in April. This was expected due to an outbreak of a few new viruses we saw. This virus and its many variants were seen being released from May 19th onwards.
There is no knocking Worm.SomeFool.P from its top place of the virus list, although SomeFool.Gen-2 has gained by nearly 11% from last month - could we see a new top virus for next month?
For May, we’ve excluded phishing attacks from viruses and given them their own section, but the UK is still by far the highest country for sending viruses. This is probably a skewed image of reality, as most of our sources are based in the UK. It also shows how the IP address generation routines of most viruses are similar, generating addresses which are numerically, and thus geographically, similar.
This month sees a new second and third, Switzerland and Canada respectively - which are not countries we haven’t seen before in the top 3.
The top three countries for phishing are the US, China, and Korea respectively. This shows that phishing attacks and viruses are not related geographically; the distribution of countries related to phishing is more similar to the geographical distribution for spam.
As noted above, in terms of overall activity in May, the SomeFool (aka Netsky) family still dominates the virus list, with SomeFool.P, the most common variant, being closely followed by SomeFool.Gen-2.
| Position | Virus | Percentage |
|---|---|---|
| 1 | Worm.SomeFool.P (NetSky.P) | 25.59% |
| 2 | Worm.SomeFool.Gen-2 | 21.14% |
| 3 | Worm.SomeFool.Gen-1 | 14.17% |
| 4 | Exploit.HTML.IFrame | 8.32% |
| 5 | Trojan.Downloader.Small-1384 | 5.24% |
| 6 | Worm.Mytob.IQ | 4.98% |
| 7 | Worm.Mytob.LQ | 4.45% |
| 8 | Worm.VB-9 | 3.36% |
| 9 | Worm.SomeFool.Z | 3.33% |
| 10 | Worm.Mydoom.I | 1.3% |



