Spam in February: become part of a major botnet

March 20, 2014

A lot of malicious attachments in February’s spam came in emails allegedly sent by women who wanted to make new friends in the run-up to Valentine's Day. Some attackers went even further by trying to hook recipients with the promise of explicit photos in archives attached to messages. There were also more conventional malicious mass mailings imitating fake notifications from popular social networking sites, including Facebook.

February’s love-themed malicious spam was dominated by Trojans, as the cybercriminals’ mass mailings targeted credulous users with a Trojan-Dropper. The Trojan installs two malicious programs on the system – one is spyware that steals all document files (*.docx, *.xlsx, *.pdf) from the computer and sends them to a specific mailbox; the other is an IRC bot/worm called ShitStorm, which can carry out DDoS attacks on websites and spread copies of itself via MSN and P2P services. If recipients respond to this sort of email, their computer can easily become part of a botnet. In addition to Trojan spyware, this month’s malicious spam included ransomware – a type of malware that blocks the user's computer and then demands money to unblock it. The explicit photos also turned out to be malicious programs, and among them was the Andromeda backdoor, which allows cybercriminals to secretly control a compromised computer.

Yet another malicious program imitated fake notifications from major social networking sites. Messages allegedly sent on behalf of Facebook informed recipients that a lot had happened on friends’ news feeds since they last visited the site and they were prompted to open the attached archive to find out more. The archive contained the backdoor from the aforementioned Andromeda family.

Meanwhile, ‘Nigerian’ scammers could not pass up the opportunity to exploit the situation in Ukraine and the tragic events that followed in order to cheat users out of their money. They cited some familiar stories about unfortunate tourists in Kiev who had all their money stolen, followed by a request for financial assistance.

The share of spam in email traffic

  • The proportion of spam in email traffic in February increased by 4.2 percentage points compared to the previous month and averaged 69.9%, which is 1.2 percentage points less than in February 2013.

Sources of spam

  • China (23%) returned to the top of the rating, followed by the USA (19.1%) and South Korea (12.8%).

Phishing

  • The top 3 types of organizations targeted most frequently by phishers were social networking sites (27.3%), email services (19.34%) and e-pay organizations (16.73%). Kaspersky Lab specialists also came across fraudulent notifications in February that claimed to be from the Malaysian Hong Leong Bank.

"Phishing emails that use the names of major financial and e-payment organizations from different countries are being actively spread by scammers to steal personal financial information. A successful attack usually gives the phishers full access to the victim's personal account on the bank's website," says Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab.

The full report is available at securelist.com

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With more than one billion devices protected to date against emerging cyberthreats and targeted attacks, Kaspersky's extensive threat intelligence and security expertise is constantly transformed into innovative solutions and services that protect businesses, critical infrastructure, governments and consumers around the world. The company's comprehensive portfolio includes leading endpoint protection products and services, as well as Cyber Immune solutions to combat sophisticated and constantly evolving digital threats. We help more than 200,000 corporate clients protect what matters most to them. More information at www.kaspersky.es.