It's known that spam emails are distributed worldwide. Spam traffic differs from country to country depending on regional specifics. At the same time, there are some common themes and trends that feature in spam regardless of where it is sent or received in the world.
All the GCC countries combined account for only 1.29% of all global spam. The main reason that there are such low volumes of spam originating in the region is due to the relatively low number of users. It becomes even clearer when we look at the following diagram:
The country with biggest population in the region, Saudi Arabia, is a local leader when it comes to sources of spam (0.96%) just like in the same period last year. Even though Saudi Arabia is the most populated county in the Middle East region, its population can't be compared with that of countries like China or India. That's one of the reasons why the amount of spam even from this country is so low. The second reason is that users are careful about protecting their computers.
Share of spam globally
The share of spam in mail traffic differs slightly from country to country. In the third quarter of 2012 the global average fell 2.8 percentage points compared to Q2 and averaged 71.5%.
Sources of spam globally
Sources of spam in Q3 2012
In Q3, more than 50% of all spam messages in the world originated from just two countries: USA (26.7%) and China (25.5%).
Malicious attachments in mail traffic (World, GCC)
In Q3, malicious files were found in 3.9% of all email traffic. Country ratings based on the number of mail antivirus detections show that Germany was the leader, accounting for 10.66% of such detections; the US was rated second in Q3.
A distribution of mail antivirus detections, by country: Q3 2012
Our mail antivirus made about 1.37% of all global detections in the GCC region which is slightly more than in the same period last year. Most of the detections we recorded were on the territory of the UAE and Saudi Arabia. On the graph below you can see that the share of detections in UAE in Q3 was slightly more than last year whereas the share of MAV detections in Saudi Arabia dropped dramatically:
The diagram below shows the breakdown for the countries in the region:
A distribution of mail antivirus detections, by country in the Middle East region: Q3 2012
The top three most frequently detected malicious programs worldwide in Q3 came as no surprise:
The Top 10 malicious programs spread via email in Q3 2012
Trojan-Spy.HTML.Fraud.gen - typically the number one troublemaker. This malicious program is actually an html page that copies the registration form of a financial organization.
Use of this malware can easily be defined as phishing. Second and third places were taken by Email-Worm.Win32.Bagle.gt and Email-Worm.Win32.Mydoom.m. These particular threats have two traditional for mail-worms functions: to harvest electronic addresses on infected machines and send itself to those addresses. In addition Bagle.gt can connect to a bad guys' servers and download other malicious programs.
One of the most popular malware family in Q3 was Bacdoor.Win32.Androm. This is a malicious program that installs a spam-bot to the user's machine.
The top 10 malicious programs spread via email in Q3 2012 in the GCC countries differs from those shown above.
The Top 10 malicious programs spread via email in Q3 2012 in the GCC
It's interesting that Trojan-Spy.HTML.Fraud.gen took only 5th place in the rating for this region. It means that users in the Middle East are targeted less by phishers than the average Internet user worldwide.
The two most detected malicious programs in this region are Worm.Win32.Mabezat.b and Email-Worm.Win32.Mydoom.m. Both of them are clearly not targeting anything particular, but just hop from one PC to another distributing themselves via all the emails they can find on an infected machine. It also shows that the region is not a favorite among cybercriminals.
Most popular organizations' category that was targeted by phishers in Q3 2012 is Social networking websites. More than 20% of all phishing attacks worldwide targeted Facebook. In GCC region the share of Facebook attacks is slightly less - about 16%.
One third of all phishing attacks detected in GCC targeted banks and other financial organizations whereas worldwide this share is about 20%. Phishing attacks on search engines took third place in GCC in Q3 2012.