– The amount of spam detected between January and March 2009 has increased slightly with respect to the same period in 2008. Malicious mail containing false job offers has increased notably.

– The USA was the leading source of spam in Q1 2009

– Between January and March 2009, 302,000 computers were infected to be used for sending spam


Less than seven percent of emails that reached companies in the first quarter of 2009 were legitimate correspondence. Some 90.92% of messages were spam, while 1.66% were infected with some type of malware. This data has been compiled after the analysis of 69 million email messages in Q1 2009 by TrustLayer Mail, the clean mail managed service from Panda Security.

   January February   March Q1 
 Spam  92,55% 91,29%  88,93%  90,92% 
 Infected  0,39%  2,74%  1,85%  1,66%
 Suspicious Files  0,17%  0,66%  1,32%  0,72%
 Clean  6,89%  5,31%  7,90%  6,70%


The amount of spam detected between January and March 2009 has increased slightly with respect to the same period in 2008, when spam accounted for 89.88% of the email received by companies. With respect to the different types of spam, the amount of junk mail related to false job offers has increased, probably due to the current economic crisis.

“Cyber-crooks have been exploiting the desperate situation of those looking for work to offer enticing jobs. Their real aim however is to recruit money-mules, i.e. trick people into laundering money through their bank accounts”, explains Luis Corrons, technical director of PandaLabs.

The USA continues to figure as the leading source of spam in Q1 2009, accounting for 11.61% of the total, followed by Brazil (11.5%) and Romania (5.8%). Most of this spam was distributed through networks of zombie computers known as botnets. These are computers that have been infected by bots, which allow hackers to take remote control of the system for a host of malicious activities, mostly the sending of spam. When several computers are exploited in unison, they are referred to as botnets. In the first quarter of 2009, around 302,000 computers were newly infected and turned into zombies every day.

“The reason for such frenetic activity is that the lifespan of the infections is very short, as the authorities, the ISPs and even users themselves, rapidly detect that their systems are being used maliciously”, says Corrons.

Attacks on Twitter: A new phishing model

Twitter, one of the most popular Web 2.0 applications, has been targeted by cyber-crooks in the first quarter of this year as a platform for launching phishing attacks. The attacks unfold as follows: Twitter users receive a direct message from another user telling them that there is a post about them or an image of them on a blog. When users click on the attached link, they are redirected to a spoof Twitter page, with a similar domain name. If users enter their Twitter credentials in this page, they will fall into the hands of cyber-crooks who then use the accounts to send spam.

“This is a classic social engineering model; cyber-crooks exploit users’ curiosity to draw them into a trap. What’s new here, is the use of popular Web 2.0 applications”, says Corrons.

For more information about spam see the PandaLabs Quarterly Report (https://www.pandasecurity.com/homeusers/security-info/tools/reports/) and the Quarterly Spam Report from Panda Security and Commtouch: https://www.pandasecurity.com/emailhtml/Trend_Report_Q1_09_Panda.pdf