Spammers leverage calamities for attacks

Earthquakes taking place in Haiti and Chile were being used by spammers globally to increase phishing and spam attacks in February, IT security company Symantec has said in a report.

Scam and phishing messages last month accounted for 19 per cent of all spam, which is two percentage points lower than in January, but nevertheless an elevated level. Spammers continued to use the earthquake in Haiti, and the recent earthquake in Chile as another vector to utilise.

They also used other current high-profile events, such as recent auto recalls, to deliver spam messages. Also taking a look at international threats, the report highlighted attacks specific to Brazil, China, Russia and India.

Symantec observed a 16 per cent increase from the previous month in all phishing attacks. This was primarily due to an increase in the volume of unique URL and IP attacks. About 13 per cent of phishing URLs were generated using phishing toolkits, an increase of nine per cent from the previous month. A 12 per cent increase was observed in non-English phishing sites from the previous month. There was a significant increase in phishing sites in Italian and French languages. The increase in Italian language phishing was attributed to a rise in attacks on three Italian banks.

Phishing on one Canadian financial institution and one French bank led to the rise in attacks in French. More than 98 web hosting services were used, which accounted for 12 per cent of all phishing attacks.

On February 27, an earthquake with a magnitude of 8.8 occurred off the coast of Chile. As Symantec noted in February's report, spammers continue to leverage tragic events like the Haiti quake to their benefit. The example below downloads malware when the user clicks on the link to view the video.

There has been several recalls from multiple automobile manufacturers recently.

Due to a very large number of vehicles involved in this round of recalls, there has been widespread interest in developments regarding this event. In these examples, spammers trick the user to give up personal information by pretending to be a legal industry representative.

In the previous month's report, Symantec highlighted a sharp decline in spam containing .cn URLs. This was due to the China Internet Network Information Center's (CNNIC) action to tighten registration of .cn domains. Although spam messages containing .cn URL crept up a little bit towards the end of February, the effect of CNNIC's new policy is clearly shown in the graph below.

However, Symantec researchers have noticed a strong inverse relationship between .cn and .ru URLs as spam messages with .ru domains have increased dramatically. Spammers may have just found themselves a refuge after getting pushed out by CNNIC.

Unlike last month when Emea region recorded 7.9 percentage point increase month-over- month, the geographical breakdown of origin of spam remained fairly flat in February.

Internationally, spammers delivered malware by luring the user with pictures of the Rio Carnival. Chinese spammers sent product spam using the Chinese New Year holiday. Russian spammers used the Defender of the Fatherland Day, a holiday observed in Russia, to send replica product spam.

Symantec observed an attack on the Indian Income Tax Department. It is the season of tax returns in India and phishers chose the right time to send these phishing messages. Most users are not aware of these attacks, which state that the customer is eligible for a tax refund.