Phishing, Spam and Malware Statistics for January 2011

A little late this time, but here are our statistics about the phishing, spam and malware situation in January 2011!

Most abused TLDs

While the numbers for phishing in December were almost all red, showing a dramatic drop for the .org (-151%), .com (-76%) and .net (-24%) domains, we saw the exact opposite development in January 2011. Phishing was definitely on the rise, and even though the malware URLs still show mostly red numbers, some of them have also increased. However, even with these high fluctuations, the top 10 remains practically unchanged from December 2010.

| # | Phishing: top-level domain | % | Deviation from December in % | Malware: top-level domain | % | Deviation from December in % |
|---|---|---|---|---|---|---|
| 1 | .com | 48.77 | 54.21 | .com | 47.38 | -149.81 |
| 2 | Others | 13.94 | 100.00 | Others | 13.60 | 100.00 |
| 3 | .net | 7.96 | 46.40 | .net | 6.41 | -100.00 |
| 4 | .org | 6.79 | 74.68 | .ru | 5.60 | -98.79 |
| 5 | IP Address | 3.79 | 100.00 | IP Address | 5.31 | 97.02 |
| 6 | .br | 3.54 | 44.40 | .org | 4.00 | -119.77 |
| 7 | .uk | 3.24 | 48.64 | .br | 3.14 | -60.43 |
| 8 | .tk | 2.83 | 28.57 | .in | 2.89 | 16.41 |
| 9 | .ru | 2.38 | 62.35 | .cc | 2.66 | -127.12 |
| 10 | .tl | 1.55 | 62.09 | .info | 2.48 | -247.27 |

Spam category statistics

The trend we observed in December 2010 (overall less spam) continued in January for all categories. Here, too, the top 10 remains unchanged in comparison with December.

| # | Category (sorted by amount) | % | Deviation from December in % | # | Category (sorted by deviation) | Deviation from December in % |
|---|---|---|---|---|---|---|
| 1 | Other | 79.35 | -12.51 | 1 | Jobs | 0.09 |
| 2 | Pharmacy | 5.80 | -1.71 | 2 | Loan | 0.07 |
| 3 | Nigerian | 4.64 | -0.32 | 3 | Commercials | 0.02 |
| 4 | Lottery | 3.08 | -0.38 | 4 | Fashion | 0.01 |
| 5 | University | 2.04 | -2.38 | 5 | Casino | -0.03 |
| 6 | Software | 1.76 | -0.77 | 6 | Malware | -0.07 |
| 7 | Watch | 1.02 | -0.48 | 7 | Phishing | -0.19 |
| 8 | Phishing | 0.93 | -0.19 | 8 | Nigerian | -0.32 |
| 9 | Loan | 0.68 | 0.07 | 9 | Lottery | -0.38 |
| 10 | Casino | 0.25 | -0.03 | 10 | Watch | -0.48 |

Extension statistics for malware URLs

The top chart of malicious file extensions shows a descending trend, following the trend of the overall malware URLs. A newcomer in the top 10 is the extension OCX. The OCX file type is associated with ‘Object Linking and Embedding (OLE) Control Extension’ by Microsoft. These files can become infected and are quite hard to detect, as they are usually loaded by other modules. The big “loser” of this month is the HTML/HTM extension. Obviously, the cyber criminals have found better ways to spread malware than through a page which usually drops some malware on the user’s computer.

| # | Extension (sorted by amount) | % | Deviation from December in % | # | Extension (sorted by deviation) | Deviation from December in % |
|---|---|---|---|---|---|---|
| 1 | txt | 38.03 | -8.91 | 1 | ocx | 100.00 |
| 2 | none | 23.64 | -146.90 | 2 | zip | 69.07 |
| 3 | exe | 18.18 | -115.78 | 3 | rar | 62.16 |
| 4 | jpg | 5.65 | -156.40 | 4 | cmd | 50.00 |
| 5 | php | 4.13 | -397.81 | 5 | pdf | 29.03 |
| 6 | zip | 2.19 | 69.07 | 6 | bat | 0.00 |
| 7 | htm | 1.67 | -1001.35 | 7 | txt | -8.91 |
| 8 | pdf | 1.40 | 29.03 | 8 | png | -17.39 |
| 9 | html | 1.13 | -1224.00 | 9 | exe | -115.78 |
| 10 | rar | 0.84 | 62.16 | 10 | none | -146.90 |

Most phished brands statistics

The most attacked brands differ only slightly from December. While in December Paypal lost a lot of its intensity, we’ve seen a comeback in the form of an increase of 52% in January. However, the biggest gain of this month is Ebay, with a 92% increase that puts it in second place with 27% of the total amount of phished brands.

| # | Brand name (sorted by amount) | % | Deviation from December in % | # | Brand name (sorted by deviation) | Deviation from December in % |
|---|---|---|---|---|---|---|
| 1 | Paypal | 36.84 | 52.68 | 1 | Others | 100.00 |
| 2 | Ebay | 27.12 | 92.65 | 2 | Yahoo | 97.28 |
| 3 | Others | 19.18 | 100.00 | 3 | Ebay | 92.65 |
| 4 | Facebook | 4.68 | 63.05 | 4 | Banco Santander | 69.74 |
| 5 | Yahoo | 3.46 | 97.28 | 5 | Facebook | 63.05 |
| 6 | Chase Bank | 2.43 | 38.76 | 6 | Commonwealth Bank | 62.92 |
| 7 | Visa | 1.82 | 4.12 | 7 | Paypal | 52.68 |
| 8 | Commonwealth Bank | 1.67 | 62.92 | 8 | Chase Bank | 38.76 |
| 9 | Banco Santander | 1.43 | 69.74 | 9 | World of Warcraft | 11.11 |
| 10 | World of Warcraft | 1.35 | 11.11 | 10 | Visa | 4.12 |

URL Shorteners used in malicious activities

The URL shorteners have also received only green numbers in January. We have seen small fluctuations within the top 10, but nothing dramatic. The most abused services in both categories – for the first time since we started this analysis – are bit.ly and tinyurl.com.

| # | Phishing: shortener | % | Deviation from December in % | Malware: shortener | % | Deviation from December in % |
|---|---|---|---|---|---|---|
| 1 | bit.ly | 28.57 | 17.14 | bit.ly | 18.18 | 15.15 |
| 2 | tinyurl.com | 14.29 | 12.86 | tinyurl.com | 9.09 | 9.09 |
| 3 | goo.gl | 11.43 | 5.71 | notlong.com | 9.09 | 9.09 |
| 4 | tiny.cc | 10.00 | 7.14 | ow.ly | 6.06 | 6.06 |
| 5 | notlong.com | 7.14 | 2.86 | zi.ma | 3.03 | 3.03 |
| 6 | is.gd | 2.86 | 2.86 | u.nu | 3.03 | 3.03 |
| 7 | doiop.com | 2.86 | 1.43 | tr.im | 3.03 | 3.03 |
| 8 | zi.ma | 1.43 | 1.43 | tiny.cc | 3.03 | 0.00 |
| 9 | u.nu | 1.43 | 1.43 | snipurl.com | 3.03 | 3.03 |
| 10 | tr.im | 1.43 | 1.43 | sn.im | 3.03 | 3.03 |

Sorin Mustaca
Data Security Expert