It's all too easy to think that spam is an old problem, and one that has largely been dealt with. Certainly, many people will tell you that they see very little evidence of spam in their mailboxes. This, however, has less to do with the demise of the spammer and everything to do with the effectiveness of spam filters.
The latest Kaspersky Lab analysis of the spam and phishing threat landscape for the first quarter of 2015 suggests that some 59.2 per cent of email traffic was actually spam, which is good news in as far as that number is six percentage points down on the previous quarter. It's also a pretty good reflection of my own incoming email, which currently sits on around 55 per cent spam. Not that I see it unless it's that time of the month when I pay my spam folder a visit to check for false positives, and they are rarer than rocking horse poop these days.
Interestingly, it seems that the raft of new generic top-level domains (gTLDs) such as .work or .science for example, have provided an impetus for the spammers. Kaspersky suggest that "new domain zones almost immediately became an arena for the large-scale distribution of advertising spam, phishing and malicious emails." Indeed, according to Kaspersky Lab’s email traffic analysis there was "a considerable increase" in the number of new domains that sent out spam content in Q1 2015. The spammers are targeting these new domains specifically as well, so .work domains get lots of household maintenance, construction or equipment installation spam whereas, to continue with our examples, the .science spam is largely distance learning and college training course oriented.
One thing that has remained fairly constant is the construction of the typical spam message. This includes the sparse use of visible text, often just a header which is repeated in the message body, along with a link or links loading an attention grabbing image containing the advertising data and another link (usually a long and often obfuscated one) leading to the advertised resource itself. Spammers also make good use of 'white noise padding' where random words or phrases, often in a language other than that used for the email body, are composed in white on a white background to be hidden from the reader but seen by anti-spam filters as indicative of a proper email rather than a junk one.
A final word of warning, spam is still being used for the distribution of malware; this has not changed. The countries being targeted by such 'malicious mailshots' are changing though, and the Q1 Kaspersky Lab report reveals that the UK is top of the list with Brazil second and the USA in third place. Germany, which used to head the target list, has dropped down to fourth place overall, followed by Italy, Australia, India, Turkey, France and Russia.
The full 'Spam and Phishing in the First Quarter of 2015' report can be found here.
