Proofpoint researchers have just published a blog which quantifies the prevalence of malicious links in unsolicited emails. The post provides analysis on the daily and weekly average of the percentage of malicious URLs in unsolicited emails.
Key findings from the blog reveal:
Analyzing the URLs found in unsolicited emails, we see that consistently more than 15% of URLs in unsolicited email are malicious, meaning that in any given week nearly 1 in 6 URLs in unsolicited messages link to a site deemed malicious.
Proofpoint analysis of mail traffic determined that in 2014 there have already been 63 days where the percentage of malicious URLs in unsolicited mail was greater than 15% (Fig. 2). Moreover, in 2014 there have been 12 days where the percentage of malicious URLs in unwanted mail exceeded 25%, and 2 days greater than 30%.
The prevalence of malicious URLs in unsolicited email occurs against the backdrop of an overall resurgence of spam volumes. In the first half of 2014, global spam volumes have been peaking at over 200 billion messages per month and as high as 260 billion messages in July, their highest rate since 2010 and double the normal average.
This is unlikely to be a temporary phenomenon, as spam authors move to take advantage of the greater accessibility and profitability of malware. Compromised computers create many revenue opportunities for phishers, who can sell them for bitcoin mining, click-fraud, spam distribution, and other services. Automation and crimeware-as-a-service have made malware more accessible than ever to even the most unskilled and notorious spammers. The fact that the Nigerian “419” spammers have started to include malware and malicious links in their phishing emails highlights this fundamental move to malware.