The August State of Spam Report highlights the continuing decline of image spam, which reached a low in July from its peak in January. In addition, we observed the emergence of a new focus - greeting card spam, PDF and other file attachments spam, and the rise in URLs with Chinese top-level domains (TLDs) marketing spam. This month”s spotlight includes regional spam trends in EMEA.Though still steadily declining, what we”ve come to think of as image spam” has not gone away. The preferred delivery method of this spam type is now PDF, which emerged in June of 2007 and was discussed in a previous post. Symantec is seeing PDF spam ranging between two to eight percent of all spam. July also saw the emergence of yet more tactics focused on spamming images. These tactics include the use of XLS and ZIP files. At this time, the volume of these spam types is low but Symantec is closely monitoring this new technique.Greeting card spam containing links to viruses was seen in higher than usual numbers in July. More than 250 million Symantec customers were targeted with these message types. Around the Fourth of July a particularly large outbreak was seen and blogged on. The content of the greeting cards consists of an exposed IP address in most cases, which is a very good indicator that the card is not genuinely good. These exposed IP address links were downloading Trojans onto computers. A sample of this message type can be seen in the August State of Spam Report.Also observed in July was the rise in the number of spammy URLs utilizing the cn” TLD. While historically the most commonly seen TLDs in spammy URLs were net” and com,” in July Symantec estimates that over 74 million spam messages contained a spammy URL with a cn” TLD. Several possible reasons for this rise are included in the August State of Spam Report.The spotlight on Regional spam trends EMEA” this month showcases casino spam, Italian medication spam and an iPhone scam. European casino spam was first mentioned in the April State of Spam Report. Current observations show this spam type covered by at least three different languages. Samples can be seen in August State of Spam Report. One common attack in the US market is male enhancement” medication spam. The European market, and in particular the Italian market, is now seeing this spam type as well. What is different about this version is that the subject lines of the messages observed were all designed to make it look like the email was from a friend.Another interesting spam seen in the European market was purporting to sell the new Apple iPhone from a UK warehouse. This is interesting because the iPhone is not available in Europe yet and the price listed for the phone was far below retail.
Read More… (From Security Response Weblog)
