The percentage of phishing emails decreased by a factor of three compared with March, dropping to 0.002%. Malicious files were found in 2.4% of all emails, a decrease of 1.6%.

The amount of ‘holiday’ spam fell, even though spammers continued to actively exploit the Easter theme for spreading fraudulent emails and messages containing adverts for goods and services. Additionally, they tried to draw users’ attention with the names of the world political leaders and tragic events that took place in the USA – the double bomb blasts at the Boston Marathon and an explosion at a chemical plant in Texas.

Within a day of the bombings Kaspersky Lab said it registered several mass mailings containing malicious files or links in spam traffic.

The emails imitated mass mailings from popular news sources (CNN and BBC) and contained a provocative headline plus a link to a supposed article about the tragic events. On clicking the link, the user was directed to a fraudulent site that used the Blackhole 2 exploit folder to attack the system. If this succeeded, Backdoor.Win32.Papras.ppk was downloaded on the user’s computer. This malicious spyware is designed to steal information from protected browser connections (HTTPS), cookies, screenshots and computer data (installed programs, OS configuration) and transfer it to cybercriminals.

Noticeably, a similar malicious mass mailing was registered in Q1 2013. Emails with a very similar design were used by the fraudsters to spread news about the new Pope in March.

Yet another mass mailing was used to distribute links to web pages containing the words Texas, Boston and news in the address. The link sent users to a web page with a selection of videos of bombings taken from YouTube. This page also contained an exploit which downloaded a malicious program detected by Kaspersky Lab as Trojan-PSW.Win32.Tepfer on the user’s computer. This Trojan was created to steal user account details (logins and passwords) from infected computers.

Kapersky Lab said ‘Nigerian’ fraudsters continued to use the names of famous political leaders in their emails in April – this time it was Barak Obama and the son of Muammar Gaddafi. For example, an email supposedly sent on behalf of a White House employee claimed that the American President was giving 100 gold bullions to needy people around the world and the recipient of the email was one of the chosen ones. A German-language ‘Nigerian letter’ written on behalf of the assistant of former Libyan president Muammar Gaddafi’s son contained the traditional request for help in saving and investing his mythical millions.

This type of fraud is well-known: once the victim is involved in the correspondence, the scammers ask for a relatively small sum of money to cover the middleman’s expenses or drawing up documents. The spammers believe that the huge gap between the money demanded and the promised rewards will make the potential victim throw caution to the wind and hand over the cash.