Spammers never pass up the chance of exploiting major events and, as soon as the experts started talking of a new financial crisis, the theme of economic uncertainty flooded the subject lines and contents of September's spam. It was a month rich in messages offering dubious get-rich-quick schemes, promoting legal or consulting services as well as notorious "Nigerian letters" with offers of "anti-crisis" loans.
Spammers resorted to similar tactics during the 2008-09 crisis when financial instability strongly influenced their activities.
September saw the use of several new and sophisticated social engineering techniques to trick unsuspecting users. For example, users received a message that appears to be from McDonald's. It states that the recipient has won the chance to participate in a survey and will get USD80 for doing so. The user follows the link, finds himself on a page with a customer satisfaction survey form and fills it in. After submitting the survey, he is redirected to a further form asking for full credit card details to process the promised USD80 payment. Of course, the information is likely to be used to clean out the user's account, rather than pay any cash.
Another method was a modification of a tactic used in August where a message with an archived malicious attachment read like a short official message, but was wrongly encoded. This played on the recipients' curiosity, tempting them to open the attachment.
Curiosity was not the only method being applied by malicious users - intimidation and threats were also used. For example, one Nigerian email contained a very direct threat - the message claims to be from a contract killer with orders to murder the recipient. But for USD8000 the assassin is willing to spare the intended victim and even betray his paymaster.
A more effective social engineering trick was an email threatening legal action against the user for distributing spam containing malware. Of course, the recipient was invited to open an archived attachment and check the evidence of his address being used to distribute spam.
"Recipients of this type of email should not panic," said Maria Namestnikova, senior spam analyst of Kaspersky Lab. "It's rare for such emails to include personal data about the user or any information about the supposed plaintiff. These are the give-away signs of a fraudulent email aiming to install malicious executable files on personal computers."
In September, malicious files were found in 4.5 percent of all emails - a decrease of 1.4 percent compared to August. The malicious program most frequently detected by Kaspersky Lab's email anti-virus component was Trojan.Win32.FraudST.at, a spam bot that specialises in spreading pharmaceutical mass mailings.
The top-three countries with the highest rates of email anti-virus detection remained unchanged and ranked as follows: the US, Russia and the UK. India showed a significant increase in email anti-virus detections (+1.5 percent), moving the country up two places to fourth.
The full version of spam activity for September 2011 is available at www.securelist.com.
