Current events around the world became the focal point of many malicious and innocuous spam campaigns in the email and mobile messaging space this quarter. In Cloudmark’s 2014 Q1 Global Messaging Threat Report we’ve detailed several malicious campaigns that have reverted to a more old fashioned way of distributing malware, email spam, following the arrest last fall of alleged Blackhole author Dmitry Fedotov. In the UK, football and the start of the horseracing season have led to weekly spikes tailored around the events. However, the civil unrest in Ukraine, a major world event in the spotlight the quarter, has had a much less noticeable affect on its country’s spam levels.
While violent protest may not have broken out in all parts of the Ukraine, it isn’t unreasonable to expect these events to impact an opportunistic business like spam. Yet, Ukraine remained one of the top twenty global exporters of email spam during the first quarter and continued as one of the top ten countries for number of IP addresses blacklisted by Cloudmark. While the Ukraine continues to be one of its own largest sources of spam within the country, other nations are being targeted. Of the messages leaving the country, an overwhelming majority are unsurprisingly destined for the U.S. The second most hit country, Japan, is seeing an influx of messages peddling adult services and horse betting tips. Details on the relative amounts sent various other targets are below:
With the vacuum created by the absence of Blackhole’s supposed author, some cybercriminals appear to have returned to using scare tactics as a means of tricking recipients into opening malicious attachment. One such run of messages targeting users in the US issued falsified messages notifying the recipient of a friend’s death. These death notifications even poach the contact details of an actual funeral home from the state of Florida to lend an air of legitimacy. An example:
Anyone who followed the message’s advice was met with a file that used the location of the viewer’s IP address to custom-name itself. A similar attack is being seen in the UK. This attack uses the scare of one’s own mortality instead of that of a friend. Fake notices from the National Institute of Health and Care Excellence are being sent out claiming that a recent blood sample from the recipient had tested positive for “a suspicion of a cancer.”
Not everything this quarter has been quite so morbid. Sports fans and bettors in the UK had a myriad of opportunities to risk a few pounds on their favorite horses and football stars thanks to a slew of targeted SMS campaigns. Popular fixtures of the Premier League and highly anticipated horseracing events such as Cheltenham gave sports books the motivation to send record numbers of betting offers and tips via SMS. The most prominent spike during the period was attributed to the Chelsea vs Man. United match on the 19th of January. On that single day, over 16 percent of all reported SMS in the UK came from casinos and sports books advertising their services. In the figure below, each spike was easily attributed to various sporting events and horseraces around the UK:
For more on these trends and insights into more topics such as India’s regulatory success against mobile spam, please visit our 14Q1 GMTR.