The people over at Kaspersky Lab have written a post about the changes in spam volume in 2013 compared to 2012. The proportion of spam is down to 69.6%, a drop of 2.5 percentage points from the previous year.
A compilation of spam volume 2013 facts from the post:
- The proportion of spam in email flows was 69.6% in 2013, which is 2.5 percentage points lower than in 2012
- The greatest amount of spam – 23% – was sent from China
- The percentage of emails with malicious attachments was 3.2%, which is 0.2 percentage points lower than in 2012
- 74.5% of spam emails sent in 2013 were no more than 1 KB in size
- 32.1% of phishing attacks targeted social networks
As you can see from the graph below, the spam volume is still a large part of total email volume, but dropped below 70% for the first time last year:
One disturbing trend the post points to is that of ‘gray’ mail: official email sent via ‘good’ servers and senders, but to email addresses that have been purchased. Also, Kaspersky Lab detected a lot of fake messages seemingly coming from antivirus vendors. Names involved include Trend Micro and Symantec.
To read the in-depth article with all details, head over to this page.
The BBC has reported that no fewer than 16 million German email addresses, along with their account passwords, have been stolen by hackers. The hackers infected the victims’ computers, which in turn registered those victims in a network from which their data could be stolen.
The German Federal Office of Security (BSI, Bundesamt für Sicherheit in der Informationstechnik) is investigating the matter, but there are no details yet on where the theft originated. The agency has created a website to check whether you have been hacked or not. The website can be found here. On the first day more than 300,000 people had already visited the website. With this many German email addresses stolen, it seems that the hackers have been executing their theft quite professionally.
German news site Bild (Google Translate version of article) notes that when a match is made with an email address that is entered on that website, an email will be sent to that email address. That email contains tips on what to do: if a match is made the chances are pretty high that the email address owner’s computer is infected.
The fact that more than half of the stolen email addresses ended with .de provided the insight that the attack was aimed mainly at German email address owners. 16 million addresses would cover about one fifth of the total German population.
Global spam volume has seen a big increase in February over past months: Cisco’s Senderbase shows a rise of 64% from January, from 77.3 Billion to 126.9 Billion emails. The effect of shutting down many spam operations by the authorities in cooperation with companies like Microsoft, Google and others has been watered down by this increase, sadly.
Last year, global spam volume had seen a steady decline from May 2012, dropping to a low point of 77.3 Billion emails in January this year.
The sharp increase in spam volume in February, however, has also brought many new emails carrying malware. These include weight loss emails but also Facebook Services emails containing links to shady websites.
Spam volume up? Quit email, security company says
A European security company called ‘The European Network and Information Security Agency’ even went as far as saying there should be a campaign to stop using email. The main reason noted is that email is insecure, and the receiver currently cannot correctly assess whether the email would be a threat or if it would be safe.
I don’t know about them, but I can’t think of a better communication method for businesses right now than email, even with all the bad stuff involved including spam, scam and phishing emails and such.
Spamhaus, the well-known anti-spam DNS blacklist service, has been hit by a severe DDoS attack over the weekend. Users have been informed by Spamhaus of certain services like their website and email server being unavailable, with them working to get things back online yesterday.
At first Softpedia reported that Anonymous was behind the attack; however, Spamhaus themselves have provided an update on their website stating that this is not true, and that a Russian / Eastern European cybercrime gang was behind the attack.
An update was posted on Pastebin called ‘Operation Stophaus‘, demanding that the Spamhaus Project should stop their activities.
A quote of the pastebin:
Spamhaus has recently blackmailed several multinational carriers into disconnecting clients, breaching their own contracts, without any legal procedure whatsoever, and pretty much everyone on the internet so-far has feared Spamhaus too much to report them to the authorities, whether they have a legal department to do so or not. Reporting Spamhaus to the authorities has shown to result in more listings, such as on their DROP list, which breaks access to significant parts of the internet completely. Spamhaus advertising its use as such, constitutes to breach of the UK Computer Sabotage Act. They know that by listing anything on DROP, they’re breaking internet access (at least partially), and use it as a means to terrorize people into giving them their way.
Spamhaus noted in their update that the above was posted by a disgruntled spammer, and not by Anonymous.
The ROKSO list, or the Register of Known Spam Operations, is a list maintained by Spamhaus of roughly 100 spam operations. Spamhaus notes on the ROKSO page that about 80% of all spam received by internet users in Europe and North America originates from this group. The group consists of 1 to 5 spammers per operation, which makes the total number of people involved between 300 and 400.
Below is part of the ROKSO list as of 19th Feb, 2013:
Luckily for first-time offenders or non-professional spammers (that is, marketing departments that don’t know how to handle their lists correctly) there’s a 3 strikes method of putting spammers on the list. This means that you / your company must have been terminated by your ISP at least 3 times for AUP (acceptable use policy) violations. After that, one gets listed on the ROKSO list, and IPs under control of the spam operation will be added to the Spamhaus Block List (SBL).
Spammers involved are those that see ISPs simply as throwaway resources: if and when they get caught, they’re already preparing to move their operation to a different ISP where they have already set up new IPs and domains.
For more information, check out the ROKSO FAQ on the Spamhaus website.