Cyber-crime trends are very useful for tracking the source and intended targets of spam and malware. The latest Intelligence Report from MessageLabs shows new highs in the volume of spam, phishing and virus attacks. When analyzed by industry, IT services and the public sector have some of the highest tested percentage rates of all virus attacks, surpassed only by the education sector. The report not only looks at types of spam and virus attacks, but also at patterns across industries, geographical locations and time of receipt.

The Message

The majority of spam in May was comprised of messages with very little content other than a subject line and valid hyperlink. Each hyperlink pointed to a different active profile on one of a number of major social networking environments. The profiles were likely created using random names and automated CAPTCHA-breaking tools. Moreover, the e-mails were sent from valid webmail hosting providers, which means they were not spoofed, as has been the case in the past for these types of domains.

Time Matters

The report also noted that geographic location determines when people receive spam. The research, which was conducted over a seven day period, found that US residents see a spam peak between 9 and 10 a.m. and a drop overnight, while Europeans are more likely to receive a steady stream of spam throughout the workday. Those in the Asia-Pacific region start their day with an inbox full of spam and see less trickling in throughout the day.

"These patterns suggest that spammers are more active during the US work day," said Paul Wood, Senior Analysis at MessageLabs. "This could be because most active spammers are based in the US or because this is when the spammers' largest audience is online and likely to respond.

New vs. Established Web sites

The report also debunked the common misconception that cyber-criminals are more likely to use less reputable or new Web sites, such as those containing adult content, to hide malware. The majority (84.6 percent) of web site domains blocked in May for hosting malicious content were well-established domains more than a year old. Moreover, the number of new Web sites harboring malware saw a decline from 3,561 in April to 1,149 in May, supporting the trend that cyber-criminals favor the more established domains.

Other report highlights:

• Spam -- In May, the global ratio of spam in e-mail traffic from new and previously unknown bad sources was 90.4 percent (1 in every 1.11 e-mails), an increase of 5.1 percent since April.
• Viruses -- The global ratio of e-mail-borne viruses in e-mail traffic from new and previously unknown bad sources was one in every 317.8 e-mails, a decrease of 0.01 percent since April.
• Phishing -- One in every 279.7 e-mails comprised some form of phishing attack, an increase of 0.11 percent in the proportion of phishing attacks compared with April.

Geographical Trends:

• Spam levels in Hong Kong rose by 2.4 percent in May to 92.3 percent, making it the most spammed country.
• Spam levels in the UK fell to 90.3 percent while spam levels rose to 86.6 percent in the US and 85.2 percent in Canada.
• Germany's spam rate reached 84.8 percent and the Netherlands weighed in at 82.4 percent.
• Spam levels in Australia were 89.7 percent, 91.1 in China and 88.5 in Japan.
• Virus activity in Brazil rose by 0.05 percent t o1 in every 163.7 e-mails, placing it in the top position for viruses in May.

Industry Trends:

• In May, the most spammed industry was the automotive sector, with a spam rate of 89.2 percent.
• Spam levels reached 88.1 percent for the healthcare sector, 87.9 percent for the agricultural sector, 87.5 percent for the manufacturing sector and 87.4 percent for the retail sector.
• Virus activity in the education sector rose by 0.04 percent and remains positioned as the most targeted industry with 1 in every 112.5 e-mails being infected.
• Virus levels for the IT services sector were 1 in every 249.1, 1 in every 433.5 for the retail sector, 1 in every 211 for the public sector and 1 in every 466.9 for finance.