SOURCE: MessageLabs, Inc

January 30, 2008 06:00 ET

MessageLabs Intelligence: Spammers Exploit New Year Diffidence -- Financial Uncertainties and Personal Insecurities

Cybercriminals Hone Their Business Acumen

NEW YORK, NY and LONDON--(Marketwire - January 30, 2008) - MessageLabs, the leading provider of messaging and web security services to businesses worldwide, today announced the results of its MessageLabs Intelligence Report for January 2008. The new data reveals that spammers have become more business savvy in 2008, capitalizing on news and seasonal trends in a more commercial way as they take advantage of the looming credit crunch and also try to lure in bargain-hungry shoppers with New Year's resolutions. Spammers have increased the number of financial-related email promotions and phishing attacks such as financial product offers, lottery scams, loans and jobs. At the same time, they have cut back on replica watch and other well-known spamming topics and focused their attention on weight loss products and bargain designer clothes in increased volumes.

"2008 got off to an aggressive start, especially for the spammers," said Mark Sunner, Chief Security Analyst, MessageLabs. "Spammers are proving to be more business-minded and time sensitive than ever in their strategies, seeking to exploit the most common and current weaknesses -- everything from New Year weight loss hopes to fears about the credit crunch. Unfortunately every month of the year provides the spammers with a newly vulnerable group to target."

In January, MessageLabs also identified a new form of attack on the rise, search engine spam. Accounting for 17 percent of spam this month, search engine spam typically uses Google and Yahoo engines to redirect searches to erroneous sites. This technique allows the spammer to embed a link constructed from a search engine query within an email message. When activated, the link resolves to the spammer's forged web site. Such a technique makes it harder for traditional anti-spam products to detect because while they may recognize known spam sites in links, they cannot reasonably block links to legitimate search engines like Google or Yahoo.

"In light of the financial market volatility, one may have expected stock spam to also rise," Sunner said. "However, following the indictment of Alan Ralsky, the most prolific stock spammer, stock spam levels have fallen to their all-time lowest, less than 2 percent of all spam."

On analyzing the type of spam used, the majority is now made up of text-only or HTML spam. Text spam has doubled in the past six months and now accounts for around 60 percent of spam compared with approximately 30 percent last summer. Some types of spam, like image spam, have declined. Image spam now accounts for approximately 2 percent of spam, compared with a peak of 20 percent in the summer of 2007. HTML spam now accounts for almost 38 percent of all spam, compared with 50 percent last summer. Other file types including PDF, XLS and MP3 now account for less that 1 percent of spam.

The US remains the dominant source of spam, with spam originating from the US accounting for 36.6 percent of all spam sent in January. Turkey, Korea, Russia and Germany were the other counties which formed the list of the top five spam-sending countries.

Other report highlights:

Web Security: Analysis of web security activity shows that 20.3 percent of all web-based malware intercepted was new in January. MessageLabs identified an average of 1,068 new sites per day harboring malware and other potentially unwanted programs such as spyware and adware.

The proportion of email-based malware identified containing a link to a website hosting malicious content has increased by 4.5 percent since December. This month the proportion of email-based malware containing malicious links was 29.5 percent.

Spam: In January 2008, the global ratio of spam in email traffic from new and previously unknown bad sources was 73.4 percent (1 in 1.36 emails), an increase of 0.3 percent on the previous month.

Viruses: This month, the global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was 1 in 131.4 emails (0.76 percent) in January, an increase of 0.1 percent since the previous month.

Phishing: January saw an increase of 0.13 percent in the proportion of phishing attacks compared with the previous month. One in 147.5 (0.68 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and trojans, the number of phishing emails has risen by 6.0 percent to 89.2 percent of the malware threats intercepted in January.

Geographical Trends:

--  After the holidays, many countries bore a rise in spam levels, with
    Israel remaining in the top spot targeted with the largest proportion of
    spam, 87.3 percent.
--  In January, spam levels in the US were 69.5 percent, 72.5 percent in
    Canada and 63.8 percent in the UK. German spam levels were 73.8 percent and
    63.5 percent in the Netherlands. Spam levels in Australia were 62.3
    percent, 66.8 percent in New Zealand, 72.0 percent in China and 67.8
    percent in Japan.
--  Virus activity increased across a number of countries in January,
    including India which takes the number one spot with 1 in 30.5 emails.
--  Virus levels for the US were 1 in 191.5 emails and 1 in 158.4 for
    Canada. Virus levels for Australia were 1 in 298.7 and 1 in 768.2 for New
    Zealand, 1 in 92.7 for China and 1 in 273.7 for Japan.

Vertical Trends:

--  Spam levels across the industry sectors rose slightly in January, with
    Agriculture and Manufacturing being the top verticals targeted with the
    highest levels of spam.
--  Spam levels for the IT Services sector was 75.1 percent, 74.6 percent
    for Chemical/Pharmaceutical, 72.1 percent for Retail, 71.2 percent for
    Public Sector and 65.5 percent for Finance.
--  Virus levels for nearly all industry sectors increased in January,
    with Education being the top vertical targeted with the highest virus
--  Virus levels for the IT Services sector were 1 in 143.0, 1 in 125.6
    for Retail and 1 in 177.9 for Finance.

The January 2008 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at

MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About MessageLabs

MessageLabs is a leading provider of integrated messaging and web security services, with over 16,000 clients ranging from small business to the Fortune 500 located in more than 86 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.

These services are delivered by MessageLabs globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit

Contact Information