JANUARY 10, 2014
Your regular source of security updates from TrendLabs℠
In This Issue

Security Spotlight
2013’s Most Notable Spam Trends

Security for Home Users
IoE: Boon or Bomb in the Making?

Security for Business
New Spam Technique: .CPL File Use

Security Spotlight

2013’s Most Notable Spam Trends

“While spam has certainly changed and will continue to do so, the ways by which you can avoid becoming its victim remain the same.”

As one of the Internet’s most enduring threats, spam went through very notable changes in 2013. Find out just what 2013 was like spam-wise.

The Death of the Blackhole Exploit Kit

The Blackhole Exploit Kit, a notorious exploit kit, was used in several spam campaigns. It can quickly adapt to existing trends by incorporating newfound exploits for vulnerabilities and using the latest social engineering schemes to infect computers and release damaging payloads.

2013 saw 198 Blackhole Exploit Kit campaigns, a considerably smaller number compared with the previous year’s. This can be explained by the arrest of the supposed kit creator, Paunch, in early October of 2013. Two weeks after Paunch was brought to justice, the Blackhole Exploit Kit spam run volume significantly dropped and later completely disappeared in December 2013.

Health Spam

The third quarter of 2013 saw a dramatic increase in health-related spam, which made up nearly 30% of the total volume. These messages, numbering around 2 million each day, contained weight loss tips, pharmaceutical product promotions, and so on.

Health-related spam sample

2013 also saw health-related spam change, mostly in terms of how it convinced recipients to click embedded links. In the past, health-related spam was very direct: a product image and a few sentences convincing recipients to click an embedded link. It has since become a bit more subtle in its messaging, sporting newsletter templates with featured anecdotes and quotes from supposed health experts. This is most likely an effort to appear more legitimate and bypass anti-spam filters.

Malware Attachments

In 2013, malicious spam usually came with ZBOT/ZeuS malware in tow until halfway through the third quarter, when TROJ_UPATRE malware ousted ZBOT/ZeuS. In fact, by November, 45% of all malicious spam came with UPATRE strains, which are known for downloading other malware like ZBOT/ZeuS and CryptoLocker variants onto already-infected computers. Unlike ZBOT/ZeuS, which is notorious for data stealing, CryptoLocker is well-known for locking infected computers, rendering them and the data stored within inaccessible.

Spam Safety

While spam has certainly changed and will continue to do so, the ways by which you can avoid becoming its victim remain the same. To stay safe:

  • Immediately delete suspicious mail from unfamiliar senders.
  • Never open attachments or click links that come with suspicious mail.

Copyright ©2013 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.