While spam levels dropped significantly throughout the spring on the heels of the Rustock botnet takedown, phishing appeared to be on the rise, bolstered by campaigns exploiting the death of Osama bin Laden.
These and other findings were revealed in Symantec's State of Spam report for May.
In general, spam levels continued to decline throughout April, down 65 percent compared to a year ago, according to the report. Meanwhile, the effect of March's Rustock botnet takedown had a negative impact on spam levels, spurring a decline of 27 percent in March, and another five percent in April. Overall, spam comprised 75 percent of all messages in April, compared to 89 percent at the end of April 2010.
However, phishing attacks increased by about 16 percent, boosted by a rise in automated toolkits and unique domains. Specifically, phishing Web sites created by automated toolkits increased by 26 percent while unique URLs increased by 12 percent.
Phishing attacks also became more international, indicated by a 16 percent rise in non-English sites. Portuguese, Italian and Spanish were the most prevalent languages, other than English, used in attacks.
However, despite declining spam levels, the death of Osama bin Laden dominated the spam and phishing attack landscape for May, according to the report.
The notorious international terrorist was killed earlier this month by a CIA-led operation at a mansion north of Islamabad. Following the news of Bin Laden's death, spammers immediately pummeled cyber space with a barrage of spam messages ranging from typical "419" scams to poisoned links redirecting users to another site.
Within 24 to 48 hours of the news, the attacks exploiting Osama bin Laden's death appeared to be more targeted and sophisticated. Many attacks spoofed legitimate news or blog sites, luring users by claiming to exhibit uncensored photos and videos of the raid, and then enticing them to click malicious links that falsely promised to lead to more information or images.
One of the most vicious attacks led to a phishing site that showed an auto-running Bin Laden video in an iFrame, and asked the user to download the "complete" video. However, once they clicked on the link, users installed an .exe file detected as a malicious downloader.
Unlike other malware campaigns, the Bin Laden spam and phishing attacks appeared in numerous languages, including Portuguese, French and Spanish.
Gaming sites were also a big target for hackers in May, according to the report.
In May, a rising number of attacks lured users to malicious sites in order to steal their gaming usernames and passwords and gain access to their accounts.
According to the report, 61 percent of phishing on gaming sites were hosted on free Web sites, while about 17 percent of the phishing on these sites utilized "typosquatting" domains -- registered domain names that contained a "typo" variation of a popular or established Web site.
Other popular spam and phishing campaigns in May included attacks that capitalized on gift buying for Mother's Day, as well as an campaign that enticed users with offers of free coins offered on online FIFA players, a game which is played by forming an online team purchased with online coins.