Our latest intelligence figures show that SMB spam is down by 10 percentage points over last month, dropping to 65.2 percent of email traffic in October. And when you look at the SMB spam trends over the last two years, we’ve tracked a significant and steady decline (see figure 1). This is good news overall and indicates that persistent efforts to uncover and shut down such botnets should continue to pay dividends. But, it doesn’t mean we should be any less vigilant, especially as we enter into the holiday season which is traditionally rampant with spam messages targeted toward holiday events. With many companies running skeleton crews during the holidays, cybercriminals also take the opportunity to launch targeted attacks. They often try to mask these targeted attacks with noisy distributed denial of service attacks (DDoS) while trying something more sinister behind the scenes. Simply put, the bad guys are not on holiday.
Figure 1: SMB Spam Rate October 2012
We’re seeing instances of spam for events which are very familiar among the people in United States commencing this month: Thanksgiving and Black Friday, the day after Thanksgiving that is usually the busiest retail shopping day of the year. Spam messages towards these events have started flowing into Symantec Probe Network. Many of the spam samples observed are encouraging users to take advantage of e-cards, clearance of cars and trucks, products bidding to get the best deals, and replica watches. Clicking the URL will automatically redirect the user to a fake offer website.
Figure 2: E-cards For Thanksgiving day
Figure 3: Fake Bidding deals for Black Friday
A new tactic is being observed, in which domains tempt the users to bid for good deals to win and offer fake product promotions. In such cases, users should be more careful and avoid clicking on the link. The domains used in the attack is registered for one year and its servers were located in United. Below are the examples of spam domains that are taking advantage:-
hxxp://www.GetSignedxxxxxStartBidding.com
hxxp://www.BidQuickxxxWin.com
hxxp://www.BidOnlinexxxxGetGreatDeals.com
In one such spam sample of Black Friday, the spammers invite users to purchase the product (Rolex watches) with the reduction by 25 – 50% with some false promises such as :
- It is hand crafted high-end watch copies.
- It is made using identical parts and materials.
- No difference between our watches and the originals!
User need to be more careful with these bogus offers and the spam domain used in the attack that are taking advantage of the Black Friday holiday:
http://www.xxxBlackFridayWatch[removed].com
Some of the Subject Lines observed towards Thanksgiving Day & Black Friday:
Subject: Bake Mini Pumpkin and Blueberry Pies For Thanksgiving!
Subject: xxx@xxx.com: Someone sent you a Thanksgiving Message
Subject: Get your Pinhooks! Thanksgiving is coming
Subject: BLACK FRIDAY PRE-SALE!!! iPads, Digital Cameras, iPhones & PlayStations All For Less Than $20!!!
Subject: Dont wait till 23rd November, Black Friday; Huge Discounts are already ON!
Subject: Black Friday Pricing on ALL INSTOCK inventory
Subject: Early Black Friday Auction
While SMB spam rates have dropped, we’ve seen the SMB virus and phishing rates increase significantly. In October, 1 in 185.9 emails to SMBs comprised some form of phishing attack, compared to 1 in 257.7 during the previous month. The ratio of email-borne viruses in SMB email traffic was 1 in 225.2 emails in October, compared to 1 in 288.4 during the previous month.
Figure 5: SMB Virus Rate October 2012
Symantec advises our SMB customers to be more cautious when handling unsolicited/unexpected emails.
