Symantec Report Finds Spammers are Taking Advantage of New Year Holidays and Major Events

Symantec Corp. (Nasdaq: SYMC) announced the findings of its January Symantec Intelligence Report, which shows that spammers are using holidays and major events to make their mail more appealing.

Symantec Intelligence has seen more than 10,000 unique domain names compromised with a redirect script written in PHP that contains a reference to the New Year in the file name. These redirect scripts were hosted on compromised Web sites and links to these were included in spam emails, which were subsequently blocked by

To further entice recipients to open their messages, spammers used additional social engineering techniques by including parameters in the URL to suggest that the destination is a social networking site.

Symantec Intelligence expects to see spammers taking advantage of other “calendar events” with one of the most important traditional Chinese New Year celebrations (which started this week on January 23, 2012 and will continue for fifteen days), as well as the fast-approaching Valentine's Day.

“We also expect to see plenty of spam and malware taking advantage of some of the major upcoming sporting events this year. We are already seeing references to the Summer Olympics in London as part of 419 or advance fee fraud messages,” said Paul Wood, senior intelligence analyst, Symantec.

“By relating their mails to widely-celebrated holidays and current events with global interest, spammers and malware authors can (at first glance at least) make their messages more interesting, and increase the chance of recipients visiting spam Web sites or becoming infected,” Wood said.

During December, global spam levels dropped, but in January gradually returned to similar levels as in November 2011, which is still lower than the 2011 average.

Other Report Highlights:

Spam: In January 2012, the global ratio of spam in email traffic rose by 1.3 percentage points since December 2011, to 69.0 percent (1 in 1.45 emails). This follows a more noticeable drop in December when spam fell by 2.8 percentage points to 67.7 percent. The recent increase means that spam has almost returned to the same level as in November 2011.

Phishing: In January, the global phishing rate increased by 0.06 percentage points, taking the average to one in 370.0 emails (0.27 percent) that comprised some form of phishing attack.

E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 295.0 emails (0.33 percent) in January, a decrease of 0.02 percentage points since December 2011. In January, 29.0 percent of email-borne malware contained links to malicious Web sites, unchanged since December 2011.

Web-based Malware Threats: January saw an average of 2,102 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; a decrease of 77.4 percent since December 2011.

Endpoint Threats: The most frequently blocked malware for the last month was WS.Trojan.H. WS.Trojan.H is generic cloud-based heuristic detection for files that possess characteristics of an as yet unclassified threat. Files detected by this heuristic are deemed by Symantec to pose a risk to users and are therefore blocked from accessing the computer.

Geographical Trends:

  • Saudi Arabia became the most spammed geography in January; with a spam rate of 75.5 percent.
  • China was the second most-spammed with 75.0 percent of email traffic blocked as spam.
  • In the US, 69.0 percent of email was spam and 68.7 percent in Canada.
  • The spam level in the UK was 69.3 percent.
  • In The Netherlands, spam accounted for 70.7 percent of email traffic, 68.2 percent in Germany, 69.1 percent in Denmark and 68.6 percent in Australia.
  • In Hong Kong, 67.5 percent of email was blocked as spam and 66.7 percent in Singapore, compared with 65.6 percent in Japan.
  • Spam accounted for 69.5 percent of email traffic in South Africa and 73.1 percent in Brazil.
  • The Netherlands became the country most targeted for phishing attacks in January, with one in 62.6 emails identified as phishing.
  • The UK was the second most targeted country, with one in 179.4 emails identified as phishing attacks.
  • Phishing levels for the US were one in 1,145 and one in 379.9 for Canada.
  • In Germany phishing levels were one in 797.6, one in 330.9 in Denmark.
  • In Australia, phishing activity accounted for one in 542.2 emails and one in 942.9 in Hong Kong; for Japan it was one in 5,692 and one in 1,156 for Singapore.
  • In Brazil one in 1,007 emails was blocked as phishing.
E-mail-borne Threats
  • The Netherlands had the highest ratio of malicious emails in January, with one in 61.4 emails identified as malicious.
  • The UK had the second highest rate, with one in 169.1 emails identified as malicious.
  • In South Africa, one in 305.9 emails was blocked as malicious.
  • The virus rate for email-borne malware in the US was one in 592.5 and one in 285.4 in Canada.
  • In Germany virus activity reached one in 471.7 and one in 318.1 in Denmark.
  • In Australia, one in 327.9 emails was malicious.
  • For Japan the rate was one in 1,573, compared with one in 482.9 in Singapore.
  • In Brazil, one in 681.7 emails in contained malicious content.
Vertical Trends:
  • The Education sector became the most spammed industry sector in January, with a spam rate of 71.0 percent.
  • The spam rate for the Chemical & Pharmaceutical sector was 69.0 percent, compared with 68.7 percent for IT Services, 68.4 percent for Retail, 68.9 percent for Public Sector and 68.2 percent for Finance.
  • The Public Sector remained the most targeted by phishing activity in January, with one in 99.1 emails comprising a phishing attack.
  • Phishing levels for the Chemical & Pharmaceutical sector reached one in 838.0 and one in 647.8 for the IT Services sector, one in 529.4 for Retail, one in 169.4 for Education and one in 253.7 for Finance.
  • With one in 90.2 emails being blocked as malicious, the Public Sector remained the most targeted industry in January.
  • The virus rate for the Chemical & Pharmaceutical sector reached one in 381.3 and one in 399.4 for the IT Services sector; one in 407.1 for Retail, one in 138.3for Education and one in 236.7 for Finance.
Market Trends:
  • The spam rate for small to medium-sized businesses (1-250) was 68.9%, compared with 69.1% for large enterprises (2500+).
  • Phishing attacks targeting small to medium-sized businesses (1-250) accounted for one in 225.2 emails, compared with one in 410.9 for large enterprises (2500+).
  • Malicious email-borne attacks destined for small to medium-sized businesses (1-250) accounted for one in 277.3 emails, compared with one in 281.5 for large enterprises (2500+).
The January Symantec Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends.  

About Symantec Intelligence Report

The Symantec Intelligence report combines the best research and analysis from the MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. The new integrated report, the Symantec Intelligence Report, provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The data used to compile the analysis for this combined report includes data from December 2011 and January 2012.