Security firm Symantec tells WebProNews that nine out of ten spam emails now contain a URL link in the message, and this month, around 5% of all domains found in spam URLs belonged to genuine websites. The top four of those belong to well-known social networking, blogging, file sharing and user-generated content sites.

"Domains belonging to well-known web sites tend to be recycled and used continuously compared with ‘disposable’ domains which are used for a short period of time and never seen again," said Paul Wood, Senior Analyst with Symantec’s MessageLabs Intelligence. "Perhaps this is because there is some work involved in acquiring them: the legitimate domains require CAPTCHAs to be solved to create the large numbers of accounts that are then used by spammers.”

So far in May, between 10% and 30% of spam containing a URL link has included at least one legitimate domain, the firm says. Additional findings include:

– Botnets Move in to Capitalize on Africa – in the last year, the proportion of global spam that comes from Africa has increased from 2% to 3% of global spam.  This is an increase of 1.2 billion spam emails being sent from Africa every day, compared with 12 months ago…  a significant hike in spam output for Africa, since the volume circulating globally hasn’t significantly changed.

– Soccer World Cup Themed Malware – spam emails have used the World Cup as a hook since late 2009, but in May in May, a malware attack featuring the theme of the competition was discovered. The email attempts to spoof a well-known US soft drink brand, but it had actually been sent from an IP address in Macau, a special administrative region of China.

This month, the most spammed industry sector is Engineering, with a spam rate of 95.1%. Spam levels in the Education sector were 91% The Public sector is still the most targeted industry for malware, with 1 in 74.2 emails being blocked as malicious.

Symantec’s full report can be found here.