ThreatList: Spam’s Revival is Tied to Adobe Flash’s Demise

Spam is back with a vengeance, thanks to the demise of attack vectors such as Adobe Flash.

Spam click-rates are up in 2018. Last year, 13.4 percent of spam messages that made it into inboxes were clicked on. So far, in 2018 that percentage has jumped to 14.2 percent.

The numbers come from F-Secure, which reported Wednesday on the sorry state of users’ better judgment when it comes to clicking on potentially malicious missives in inboxes.

The study points out the obvious – spam is still popular because it works. More interestingly, researchers said spam-based malicious attacks are up because other attack vectors are going away.

“The demise of Adobe Flash as one of the most popular plugins on websites has shifted criminals away from exploit kits, which enabled the attack vector known as drive-by downloads,” researchers wrote. They believe that the discontinuation of Flash support might eventually lkill off exploit kits as a viable business model for attackers altogether.

“We’ve reduced criminals to spam, one of the least-effective methods of infection,” said Sean Sullivan, an F-Secure security adviser.

The spam report also revealed that of those unwanted messages delivered in the spring of 2018, 23 percent were emails with malicious attachments, and 31 percent contained links to malicious websites. Another 46 percent were dating-service scams. Also, just five file types (ZIP, .DOC, .XLS, .PDF, and .7Z) make up 85 percent of malicious attachments.

The report concluded that spam will continue to be a scourge: “Anti-malware is containing nearly all commoditized, bulk threats. And honestly, I don’t see anything coming over the horizon that could lead to another gold rush, so criminals are stuck with spam,” Sullivan said.

 

Suggested articles

Discussion

  • Anonymous on

    I would be curious whether the bulk of privacy changes in the past year is related to the slight spam uptick? I have been observing more "Unsubscribe now!" or "Click to remain subscribed" spam emails, which, naively, feel similar to the bulk of "To continue receiving messages, click here..." GDPR messages that went out.

Leave A Comment

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.