Phishing, Spam and Malware Statistics for May 2010

It’s time for the update on last month’s Phishing, Spam and Malware statistics again!

Most phished brands

In May 2010, phishing for Paypal account data decreased significantly, although Paypal is still the top target of the cyber criminals. Ebay seems to be increasingly interesting, and there is also a noticeable shift to “others”, which includes all non-listed online banks. Also, tax season seems to be over: IRS phishing dropped quite a bit.

Sorted by amount

| # | Brand name | % | Deviation from April 2010 in % |
|---|---|---|---|
| 1 | Paypal | 44.99 | -48.71 |
| 2 | Ebay | 16.05 | 33.64 |
| 3 | Others | 13.22 | 100.00 |
| 4 | HSBC Bank | 12.04 | -23.04 |
| 5 | Facebook | 5.33 | -15.28 |
| 6 | World of Warcraft | 2.83 | -14.38 |
| 7 | Bank of America | 2.09 | 2.65 |
| 8 | Halifax | 1.65 | 38.20 |
| 9 | IRS | 0.96 | -42.31 |
| 10 | NatWest | 0.85 | 32.61 |

Sorted by deviation

| # | Brand name | Deviation from April 2010 in % |
|---|---|---|
| 1 | Others | 100.00 |
| 2 | Halifax | 38.20 |
| 3 | Ebay | 33.64 |
| 4 | NatWest | 32.61 |
| 5 | Bank of America | 2.65 |
| 6 | World of Warcraft | -14.38 |
| 7 | Facebook | -15.28 |
| 8 | HSBC Bank | -23.04 |
| 9 | IRS | -42.31 |
| 10 | Paypal | -48.71 |

Most abused TLDs

The .com domain is still the main hosting domain for phishing and malware-spreading sites, although the absolute amount hosted on .com domains is decreasing. A big increase is noticeable in the usage of plain IP addresses and “other” domains, where “other” means every non-listed domain. The huge drop in Korean domains hosting phishing sites is interesting, too, although the reason for it is unclear.

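| # | Phishing: top level domain | Phishing: % | Phishing: deviation from April 2010 in % | Malware: top level domain | Malware: % | Malware: deviation from April 2010 in % |
|---|---|---|---|---|---|---|
| 1 | .com | 49.71 | -11.66 | .com | 44.53 | -28.10 |
| 2 | Others | 15.61 | 100.00 | IP Address | 13.76 | 99.83 |
| 3 | .net | 6.69 | -8.03 | Others | 7.60 | 100.00 |
| 4 | .org | 5.42 | -93.95 | .net | 6.83 | -4.23 |
| 5 | IP Address | 4.88 | 99.39 | .org | 5.93 | 14.61 |
| 6 | .br | 2.90 | 6.94 | .ru | 4.74 | 23.10 |
| 7 | .uk | 2.80 | 23.73 | .info | 3.73 | -20.06 |
| 8 | .ru | 1.84 | 5.26 | .cn | 3.63 | 10.46 |
| 9 | .fr | 1.80 | 25.73 | .kr | 2.91 | -27.72 |
| 10 | .info | 1.74 | -28.76 | .br | 2.07 | -26.58 |
| 11 | .us | 1.69 | 66.96 | .it | 1.08 | -7.30 |
| 12 | .de | 1.40 | 27.66 | .de | 0.95 | -59.58 |
| 13 | .pl | 1.33 | 37.08 | .in | 0.83 | -39.34 |
| 14 | .au | 1.29 | 43.93 | .pl | 0.76 | -36.13 |
| 15 | .kr | 0.89 | -246.22 | .uk | 0.65 | 8.48 |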

Most abused file extensions

Noticeable changes include slightly decreased usage of .exe files, URLs pointing directly at a domain, .txt files and .php scripts. But there is a spike in PDF and SWF (Flash Player) files being abused. This may be related to the attack on the vulnerability in Adobe’s Flash Player, for which the company released updated software a short time ago.

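Sorted by amount

| # | Extension | % | Deviation from April in % |
|---|---|---|---|
| 1 | exe | 43.28 | -6.52 |
| 2 | none | 31.03 | -22.85 |
| 3 | txt | 8.95 | -34.95 |
| 4 | php | 6.24 | -53.08 |
| 5 | jpg | 3.33 | 13.88 |
| 6 | dll | 1.29 | -13.54 |
| 7 | pdf | 1.20 | 52.15 |
| 8 | gif | 1.04 | -94.30 |
| 9 | com | 0.71 | -46.93 |
| 10 | js | 0.53 | -31.85 |
| 11 | htm | 0.37 | -222.58 |
| 12 | zip | 0.35 | 35.23 |
| 13 | png | 0.28 | 2.78 |
| 14 | html | 0.27 | -189.71 |
| 15 | swf | 0.21 | 43.40 |
| 16 | dat | 0.19 | 2.08 |
| 17 | asp | 0.17 | -59.09 |
| 18 | css | 0.16 | 30.00 |
| 19 | pl | 0.13 | -12.12 |
| 20 | ocx | 0.13 | 56.25 |
| 21 | rar | 0.10 | -50.00 |
| 22 | cmd | 0.02 | 66.67 |
| 23 | aspx | 0.02 | 20.00 |

Sorted by deviation

| # | Extension | Deviation from April in % |
|---|---|---|
| 1 | cmd | 66.67 |
| 2 | ocx | 56.25 |
| 3 | pdf | 52.15 |
| 4 | swf | 43.40 |
| 5 | zip | 35.23 |
| 6 | css | 30.00 |
| 7 | aspx | 20.00 |
| 8 | jpg | 13.88 |
| 9 | png | 2.78 |
| 10 | dat | 2.08 |
| 11 | exe | -6.52 |
| 12 | pl | -12.12 |
| 13 | dll | -13.54 |
| 14 | none | -22.85 |
| 15 | js | -31.85 |
| 16 | txt | -34.95 |
| 17 | com | -46.93 |
| 18 | rar | -50.00 |
| 19 | php | -53.08 |
| 20 | asp | -59.09 |
| 21 | gif | -94.30 |
| 22 | html | -189.71 |
| 23 | htm | -222.58 |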

Spam categories

What stands out is that there are no significant changes in the spam category distribution. There are a few small ups and downs, but the overall ranks stay the same: unwanted advertisements sent by email are mainly for online pharmacies, fake watches and fake university degrees.

Sorted by amount

| # | Category | % | Deviation from April 2010 in % |
|---|---|---|---|
| 1 | Other | 50.47 | 13.36 |
| 2 | Pharmacy | 20.02 | 13.76 |
| 3 | Watch | 7.32 | 3.10 |
| 4 | University | 7.17 | 2.92 |
| 5 | Nigerian | 2.80 | 0.89 |
| 6 | Loan | 2.64 | 1.41 |
| 7 | Jobs | 2.43 | 2.25 |
| 8 | Software | 2.11 | 0.43 |
| 9 | Lottery | 1.76 | 0.31 |
| 10 | Casino | 1.67 | -1.61 |
| 11 | Malware | 0.75 | -0.27 |
| 12 | Phishing | 0.59 | 0.13 |
| 13 | Commercials | 0.27 | 0.27 |
| 14 | Fashion | 0.00 | -0.00 |

Sorted by deviation

| # | Category | Deviation from April 2010 in % |
|---|---|---|
| 1 | Pharmacy | 13.76 |
| 2 | Other | 13.36 |
| 3 | Watch | 3.10 |
| 4 | University | 2.92 |
| 5 | Jobs | 2.25 |
| 6 | Loan | 1.41 |
| 7 | Nigerian | 0.89 |
| 8 | Software | 0.43 |
| 9 | Lottery | 0.31 |
| 10 | Commercials | 0.27 |
| 11 | Phishing | 0.13 |
| 12 | Fashion | -0.00 |
| 13 | Malware | -0.27 |
| 14 | Casino | -1.61 |

Sorin Mustaca
Manager International Software Development

Dirk Knop
Technical Editor