Anti-spam tools work to the point where users very rarely see spam anymore, but when it does get through, the threat posed by those messages is greater than it has ever been, a new report said.
As in the past, the vast majority of spam messages contained fraudulent offers for counterfeit products, such as bogus pharmaceuticals. The main risk there is theft from victims, not to mention phishing, according to a new report from independent security firm AV-Test.
The report, entitled “Spam – More Dangerous than Ever Before,” came from an 18-month study conducted between August 2011 and February 2013, in which AV-Test harvested and analyzed 550,000 spam emails.
Around 2.5 percent of the spam sent today serves a different, darker purpose, the report said – namely, spreading malware.
Certain types of spam emails are especially dangerous. Of the 30,000 spam messages AV-Test analyzed that contained attachments, over 10,000 of them – nearly a third – were infected with malware.
The file formats used to deliver the payloads were the usual ones. ZIP attachments and executable formats such as EXE and PIF were almost always infected, as were 80 percent of HTML documents sent as attachments. PDF and image attachments occasionally contained exploits, too.
Less prevalent, but much harder to spot, were messages containing links to websites that spread malware. Only around 1 percent of the spam that included URLs contained such links, but such messages are often indistinguishable from those containing more benign links.
But not all spam is equal. In particular, country of origin matters when determining whether a message is likely to contain malware.
As with other studies, AV-Test found the majority of all spam sent originates in the United States, including spam messages containing attachments. But only 15 percent of spam attachments sent from the U.S. were actually malware, compared to 30 percent globally.
Spam attachments sent from India had an infection rate of 78 percent, while runner-up Vietnam sent infected attachments 77 percent of the time.
Predictably, nearly all of the spam analyzed went out from PCs remotely controlled by botnets. Some 25 percent of these spambots only operated Monday through Friday. According to AV-Test, that indicates they were in offices, where PCs are switched off over the weekend.
What is the cure? Incoming email should always go through a spam filter, and PCs should have good antivirus software installed to prevent infection by Trojans and rootkits.
The AV-Test report noted that the German government and an association of local businesses created a website containing links to tools that can help users check whether their PCs belong to a botnet.