Phishing, Spam and Malware Statistics for June 2010

Our statistics show that some interesting things were happening in June 2010.

Most phished brands
Paypal got into the focus of the phishers’ attempts to steal account information again – three quarter of all phishing attempts attacked Paypal accounts. Craigslist also was increasingly attacked – we see no reason though why this online advertisement community site gets more attention now. Ebay accounts seem to be less attractive, the amount of phishing attacks is down to a quarter of the last month’s value.

Sorted by amount Sorted by deviation
# Brand name % Deviation from
May 2010
in %
# Brand name Deviation from
May 2010
in %
1 Paypal 75.01 47.12 1 Others 100.00
2 Others 10.82 100.00 2 Craigslist 100.00
3 HSBC Bank 3.60 -194.57 3 Paypal 47.12
4 Ebay 2.76 -413.61 4 Irs -6.12
5 Facebook 2.20 -113.33 5 World of Warcraft -24.39
6 World of Warcraft 2.01 -24.39 6 Halifax -71.15
7 Craigslist 1.08 100.00 7 Bank of America -109.26
8 Bank of America 0.88 -109.26 8 Facebook -113.33
9 Halifax 0.85 -71.15 9 HSBC Bank -194.57
10 Irs 0.80 -6.12 10 Ebay -413.61


Most abused TLDs
Still number one domain for spreading malware and for hosting phishing sites is the .com domain. A trend to the increased usage of raw IP addresses can be seen in June. Worrying is that the Russian domain gets used more often to host malware again.

Phishing Malware
# Top level domain % Deviation from
May 2010
in %
Top Level Domain % Deviation from
May 2010
in %
1 .com 61.24 14.16 .com 47.22 14.56
2 Others 12.96 100.00 IP Address 12.17 99.94
3 .net 4.56 -55.19 Others 8.19 100.00
4 IP Address 4.42 99.46 .ru 6.82 36.68
5 .org 3.71 -54.68 .net 5.93 -4.92
6 .it 2.51 74.53 .org 4.48 -20.10
7 .br 2.08 -47.35 .cn 3.06 -8.14
8 .uk 1.55 -90.36 .info 2.63 -29.04
9 .fr 1.36 -40.12 .br 2.14 11.97
10 .ru 1.27 -53.42 .kr 1.98 -32.73
11 .de 0.95 -56.67 .in 1.62 53.01
12 .to 0.92 21.37 .de 1.11 22.33
13 .us 0.86 -108.26 .fr 0.99 53.99
14 .tk 0.82 1.92 .it 0.88 -12.76
15 .info 0.78 -135.35 .pl 0.79 12.39


Most abused file extensions
The file extensions which got used to spread malware didn’t change much, overall the distribution seems stable. Catching the eye is the increased usage of .htm/.html pages though, which almost doubled in June. The usage of PDF files in widespread attacks decreased significantly as well.

Sorted by amount Sorted by deviation
# Extension % Deviation from
May
in %
# Extension Deviation from
May
in %
1 exe 39.58 0.89 1 html 96.08
2 none 23.85 -18.39 2 htm 94.81
3 txt 8.53 4.52 3 aspx 54.55
4 htm 6.39 94.81 4 gif 47.61
5 html 6.26 96.08 5 pl 44.07
6 php 5.05 -12.48 6 asp 36.23
7 jpg 3.97 23.77 7 dat 29.41
8 gif 1.81 47.61 8 dll 24.88
9 dll 1.55 24.88 9 jpg 23.77
10 com 0.79 18.64 10 com 18.64
11 pdf 0.43 -152.50 11 png 14.29
12 png 0.30 14.29 12 cmd 14.29
13 js 0.27 -82.43 13 txt 4.52
14 asp 0.25 36.23 14 exe 0.89
15 dat 0.25 29.41 15 php -12.48
16 pl 0.21 44.07 16 none -18.39
17 zip 0.15 -114.63 17 rar -30.00
18 swf 0.11 -76.67 18 swf -76.67
19 rar 0.07 -30.00 19 js -82.43
20 css 0.07 -110.53 20 css -110.53
21 ocx 0.05 -121.43 21 zip -114.63
22 aspx 0.04 54.55 22 ocx -121.43
23 cmd 0.03 14.29 23 pdf -152.50


Spam categories
It is amazing that the distribution of the spam categories doesn’t change significantly. Just like in the last months, the “top ranks” of advertised product categories stay the same.

Sorted by amount Sorted by deviation
# Category % Deviation from
May 2010
in %
# Category Deviation from
May 2010
in %
1 Other 53.98 -33.57 1 Phishing 1.90
2 University 12.96 0.52 2 University 0.52
3 Pharmacy 10.52 -24.21 3 Casino 0.45
4 Watch 4.33 -8.38 4 Malware 0.24
5 Casino 3.34 0.45 5 Fashion 0.02
6 Phishing 2.93 1.90 6 Commercials -0.47
7 Nigerian 2.69 -2.16 7 Lottery -1.25
8 Loan 2.26 -2.31 8 Software -1.69
9 Software 1.98 -1.69 9 Nigerian -2.16
10 Lottery 1.80 -1.25 10 Loan -2.31
11 Jobs 1.64 -2.58 11 Jobs -2.58
12 Malware 1.53 0.24 12 Watch -8.38
13 Fashion 0.02 0.02 13 Pharmacy -24.21
14 Commercials 0.00 -0.47 14 Other -33.57

Sorin Mustaca
Manager International Software Development

Dirk Knop
Technical Editor