Symantec says spam attachments up, image spam down

Share this article:

Traditional image spam is again on the decrease, but attachment spam - containing images as part of Microsoft Office files - is on the upswing, according to Symantec's "State of Spam" report for August.

Image spam accounted for only eight percent of all spam during July, a drastic decrease from January, when it totaled 52 percent of junk email. However, the percentage of all spam at the SMTP layer, 66 percent of all email, was consistent with previous months.

Researchers said that PDF spam increased during July, accounting for between two and eight percent of all spam.

Doug Bowers, senior director of anti-abuse engineering at Symantec, told SCMagazine.com today that the stats contained "nothing that’s a huge surprise," but noted trends showing a drop in image spam and an increase in attachment spam.

"Of note, what we’re seeing is [an increase in] PDFs and the larger trend toward attachment spam," he said. "Last month, it wasn’t clear if spammers were going to stick with this. They seem to still be in the poking-and-prodding stage with other attacks."

Twenty-eight percent of all spam pitched products, ranking it as the most common spam category, followed by financial junk mail at 18 percent, internet pitches at 17 percent, health issues at 13 percent and scams at nine percent.

The Santa Clara, Calif.-based company also saw an increase in the use of spam containing Chinese top level domains.

Symantec reported that it captured 250 million copies of greeting card spam last month.

The content of the cards ranged from everyday greetings to holiday-specific messages, according to Symantec.

Researcher Kelly Conley said on the Symantec Security Response Weblog that some versions of greeting card spam lead to malware downloads.

"Greeting card spam containing links to viruses was seen at higher-than-usual numbers in July. More than 250 million Symantec customers were targeted with these message types. Around the Fourth of July, a particularly large outbreak was seen and blogged on," said Conley. "The content of the greeting cards consists of an exposed IP address in most cases, which is a very good indicator that the card is not genuinely good. These exposed IP address links were downloading trojans onto computers."

 

Click here to email Online Editor Frank Washkuch.

Click here for the latest SC Magazine Podcast – Aug. 6, 2007: Interview with Jeff Moss, Black Hat founder and director.

 

Share this article:

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.