A 10 percent sample of a 2016 dataset of 25.76 million spam emails provided by the Australian Communications and Media Authority’s Spam Intelligence Database was scanned for malware using the VirusTotal Malware database. Nearly one in 10 (9.9% or 255,222) emails were identified as malware-compromised and, similarly, 9.9 percent were identified as inactive. Of the compromised URL sites, nearly one-third (31.8% or 81,176) could be further classified as phishing (58.4%), trojan-compromised URLs (40.6%) or dedicated malicious websites (1%). All 115,025 unique file attachments found in the entire sample (0.5% of all spam) were also scanned and 31.4 percent (36,405) were compromised with various forms of malware. The majority of compromised attachments were found in images (55.6%), followed by PDFs (15.0%) and binary files (10.0%). Various trojans and ransomware were the most common malware, and these and others identified in the sample are described.