Report: 95 percent of all e-mail is spam

Report also finds that Trojans are to blame for 55 percent of all malware threats, with many focused on stealing information in order to access financial accounts.

Lance Whitney Contributing Writer

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.

See full bio

Lance Whitney

Sept. 30, 2010 10:19 a.m. PT

2 min read

Spam accounted for 95 percent of all e-mail sent worldwide during the third quarter, according to a report released today.

Panda Security's third-quarter report (PDF) also found that 50 percent of all spam came from 10 countries, with India, Brazil, and Russia as the top three sources. The U.S. came in No. 8, while the U.K. dropped off the list. Much of the spam that invades in-boxes comes from botnets that hijack computers whose owners don't realize their PCs have been infected, the report noted.

Trojans now are responsible for 55 percent of all malware threats, with many of them designed to steal information in order to access financial accounts. These types of threats have generally grown over the past two years, according to Panda, because their creators know they can get the greatest return on investment.

Among the countries with the most Trojan attacks in the third quarter, Taiwan led the list, followed by Russia, Brazil, Argentina, Poland, and Spain. The U.S. was again No. 8 among the top countries infected by these threats.

Cybercriminals are increasingly turning to social media over e-mail to send out their payloads. Panda found that malware has able to spread through clickjacking attacks that tap into Facebook's "Like" button and use celebrity names and news items to attract people. So-called black-hat SEO techniques for setting up fake Web pages that appear in search results are another popular method for propagating malware.

Twitter was hit by a couple of worms during the quarter, one of which popped up due to a JavaScript vulnerability that allowed for a cross-site scripting attack. "MouseOver" worms, which trigger when someone simply hovers their mouse over content, also posed a problem as they redirected users to Web pages or published JavaScript in their Twitter feeds without their permission. Twitter was able to clear up these threats relatively quickly, noted Panda.

The popularity of Android-based smartphones has opened up another area of vulnerability as several threats have targeted Google's mobile OS. One called FakePlayer pretends to be a video player but actually sends SMS messages to its victims, thereby racking up huge phone bills. Another known as TapSnake masks itself as a game but actually uses geo-tracking features to relay a person's location to a third party, explained Panda.