China, US remain active spam distributors in Q1 2013

Kaspersky Lab has released latest figures as part of its annual spam report. According to its findings in the first quarter of this year, unsolicited correspondence in email traffic rose slightly (+0.53 percentage points) and averaged 66.55 percent. Further, the report found there to be only a small growth in the the proportion of emails with malware-ridden attachments – reaching 3.3 percent. Interestingly, the share of phishing emails declined 4.25 times to 0.0004 percent. 


China (24.3 percent) and the US (17.7 percent) remained the most active spam distributors. South Korea came 3rd with 9.6 percent of all distributed spam in Q1 2013. Interestingly, the spam originating from these countries targets different regions: most Chinese spam is sent to Asia while junk mail from the US is mainly distributed in North America, i.e. its major part can be considered internal spam. Unsolicited messages from South Korea, meanwhile, go chiefly to Europe.

India tops the list again (Image credit: Getty Images)

Only a slight growth recorded (Image credit: Getty Images)



The latest spam report notes that in the review period, spammers took to techniques that although were well known at one time, fell into disuse. The spammers revived the use of the method of creating background noise known as "white text”. This method involves adding random pieces of text (this quarter they were sections of news reports) to the email. These insertions are in light grey font against a grey background and are separated from the main text of the ad with a lot of line breaks. Explaining this technique further, the report adds that the scammers expect content-based spam filters to regard these emails as newsletters. Besides, the use of random news fragments makes each email unique and thus difficult to detect.


In addition to that, spammers have been exploring the possibilities of legal services and are now using them to bypass spam filtering. The actual address to which the malicious link leads is masked by two legal methods at once. Firstly, the spammers used the Yahoo URL shortening service and then processed the subsequent link through Google Translate. This service can translate webpages in the user-specified link and generate its own link to that translation. The combination of these techniques makes each link in the mass mailing unique and furthermore, the use of the two well-known domains adds "credibility" to the links in the eyes of the recipient.


Interestingly, there were many high-profile events that occurred in the first quarter of this year, like the death of the Venezuelan President Hugo Chavez, the resignation of Pope Benedict XVI and the subsequent election of Pope Francis. There were many mass mailings which imitated BBC or CNN news reports and the users’ curiosity was aroused by the promises of sensational photos and video footage.


In Q1 2013, the percentage of unsolicited correspondence in mail traffic fluctuated from month to month, although the average figure remained practically unchanged from the previous quarter. We expect the share of spam to remain at its present level in the future or grow slightly due to the recent increase in the number of multimillion mass mailings,” commented Tatyana Shcherbakova, Senior Spam Analyst, Kaspersky Lab. “Spammers keep trying to draw users’ attention to their messages: they use famous names, world events or fake notifications from popular online resources. Many emails contain links to malicious programs, including exploits. We would like once again to remind users not to click the links in emails, even if the sender appears to be someone you know. It is much safer to enter the address in the browser manually.”

Published Date: May 09, 2013 07:53 pm | Updated Date: May 09, 2013 07:53 pm