At the same time, the level of malicious mailshots has dramatically increased – Kaspersky Lab products prevented 22,890,956 attempts to infect users via emails with malicious attachments in March 2016, twice the number of attempts reported in February 2016.
Since 2012 the level of spam in email traffic has constantly been decreasing. However, the quantity of emails with malicious attachments has increased significantly – in Q1 2016 it was 3.3 times higher than during the same period in 2015. There was also a growing amount of ransomware reported throughout the quarter. This is often propagated through emails with infected attachments – for example Word documents. The main actor on this field in Q1 was the ransomware Trojan Locky, which has been actively distributed via emails in different languages and has targeted at least 114 countries. Locky emails have contained fake information from financial institutions that have deceived users and forced them to open the harmful attachment.
Kaspersky Lab’s findings suggest that spam is becoming more popular for fraudsters to target Internet users, because web browsing is becoming safer. Almost all popular web-browser developers have now implemented security and anti-phishing protection tools, making it harder for cybercriminals to propagate their malware through infected web pages.
During this quarter fraudsters tried to lure users into opening malicious files, gaining their attention with emails about terrorism, a subject which is always in the news. To prevent terrorist attacks many countries have strengthened their security measures and this has therefore become a popular topic for spam emails.
Some spam fraudsters tried to convince recipients that the file attached to their spam email contained a new mobile application, which, after installation, could detect an explosive terrorist device. The email emphasised that the US Department of Defense had discovered this technology and that it was sufficiently simple and accessible. The attachment usually contained an executive file, which was detected as Trojan-Dropper.Win32.Dapato, malware that can steal personal user information, organise DDoS-attacks and install other malicious software.
Well-known Nigerian spammers also used terrorist topics in their emails. According to the Kaspersky Lab report, the quantity of these emails has increased considerably. These spammers previously preferred to send long emails with a detailed story, and links to news to make it more convincing. However, they are now only sending short messages with no detail, asking the recipients to get in touch.
“Unfortunately we are seeing our previous predictions about the criminalisation of spam coming true. Fraudsters are using diverse methods to attract user attention, and to make them drop their guard. Spammers are employing a diversity of languages, social engineering methods, different types of malicious attachments, as well as the partial personalisation of email text to look more convincing. The fake messages often imitate notifications from well-known organisations and services. This is raising spam to a new dangerous level,” warns Daria Gudkova, Spam Analysis Expert, Kaspersky Lab.