Malware in Spam Email: Trends in the 2016 Australian Spam Intelligence Data

18 Pages Posted: 3 Jul 2019

Roderic Broadhurst

Australian National University (ANU); ANU Cybercrime Observatory; School of Regulation & Global Governance (RegNet)

Harshit Trivedi

ANU Cybercrime Observatory; Australian National University

Date Written: September 2, 2018

Abstract

A 10% sample dataset from a 2016 dataset of 25.76 million spam emails provided by the Australian Communications and Media Authority’s (ACMA) Spam Intelligence Database (SID) was scanned for malware using the VirusTotal Malware Database over March-June 2018. Nearly one in ten (9.9% or 255,222) were identified as malware compromised, and a further 9.89% were identified as invalid (or inactive at the time of scanning). Adjusting for these inactive or unrated URLs, overall 10.84% of the URLs were identified as comprising malware, often obscured by URL shortening services. Of the malware compromised URL sites, under a third (81,176 or 31.8%) were unique sites, comprising mostly phishing (58.3%) or malware compromised URLs (40.8%). A small number (786 or 0.001%) of dedicated malicious websites were also identified.

All 115,425 file attachments found in the entire sample (0.44% of all spam) were also scanned, and 31.43% (36,405) were found to be compromised with various forms of malware. The majority of compromised attachments were found in images (55.6%), followed by PDF (14.5%), binary (9.9%), text/office files (9.3%), and zip files (5.8%). Various trojans and ransomware were the most common malware, and these and others identified in the sample are described.

Compared to the 13,450,555 spam e-mails captured in 2012 by SID and scanned for the presence of malware by Alazab & Broadhurst (2016), attachments remain a high risk: 21.4% of the 492,978 found with attachments were malicious compared to 31.4% in the present study. The prevalence of attachments had declined from 3.66% of all spam in 2016 to 0.44% of SID 2016. Of the 6,230,274 emails in the 2012 sample that contained a URL, 22.3 percent of the web links were malicious, but in the 2016 SID only 10.8% were found to be malicious.

Keywords: cybercrime, malware, spam

Suggested Citation

Broadhurst, Roderic and Trivedi, Harshit, Malware in Spam Email: Trends in the 2016 Australian Spam Intelligence Data (September 2, 2018). Available at SSRN: https://ssrn.com/abstract=3413442 or http://dx.doi.org/10.2139/ssrn.3413442

Roderic Broadhurst (Contact Author)

Australian National University (ANU)
Canberra, Australian Capital Territory 2601
Australia

ANU Cybercrime Observatory
Canberra, Australian Capital Territory 0200
Australia

School of Regulation & Global Governance (RegNet)
Canberra, Australian Capital Territory 0200
Australia

Harshit Trivedi

ANU Cybercrime Observatory
Coombs Ext, Building 8
Canberra, 2601
Australia

Australian National University
Canberra, Australian Capital Territory 2601
Australia

HOME PAGE: http://www.anu.edu.au/
