Most malspam contains a malicious URL these days, not file attachments
Email-based cyber campaigns usually rely on malicious links rather than malware-laced attachments, a new report by Proofpoint shows. In the second quarter of this year, the vast majority (85%) of malicious spam emails (malspam) contained nefarious URLs. Malicious links were also more popular than attachments in the first quarter of this year. Malicious links are probably more common because many people are more suspicious of attachments than they are of URLs, especially since the use of legitimate URLs in business emails is increasing with the rising popularity of cloud-based collaboration tools like Google Docs and Office 365.
The report also found that domain spoofing is used in 57% of malspam messages while the most popular malware types delivered via these campaigns are botnet malware (37%), banking trojans (23%), infostealers (16%), malware loaders (8%), remote access trojans (6%), and backdoor trojans (5%).