CRG 51/16-17: Malware in spam email: Risks and trends in the Australian Spam Intelligence Database

A 10 percent sample of a 2016 dataset of 25.76 million spam emails provided by the Australian Communications and Media Authority’s Spam Intelligence Database was scanned for malware using the VirusTotal Malware database. Nearly one in 10 (9.9% or 255,222) emails were identified as malware compromised and, similarly, 9.9 percent were identified as inactive. Of the compromised URL sites, nearly one-third (31.8% or 81,176) could be further classified as phishing (58.4%) or trojan-compromised URLs (40.6%) or dedicated malicious websites (1%). All 115,025 unique file attachments found in the entire sample (0.5% of all spam) were also scanned and 31.4 percent (36,405) were compromised with various forms of malware. The majority of compromised attachments were found in images (55.6%), followed by PDFs (15.0%) and binary files (10.0%). Various trojans and ransomware were the most common malware, and these and others identified in the sample are described. No final report.