Cisco threat researchers conducted two studies in 2016 using opt-in customer telemetry to estimate what percentage of total email volume is spam. We found that spam accounts for nearly two-thirds (65 percent) of total email volume. Our research also suggests that global spam volume is growing, due primarily to large and thriving spam-sending botnets like Necurs. In addition, we determined through our analysis that about 8 percent to 10 percent of global spam observed in 2016 could be categorized as malicious.

...

Seventy-five percent of total spam observed in October 2016 contained malicious attachments. Most of that spam was sent by the Necurs botnet. (See Figure 17.) Necurs sends malicious .zip attachments that include embedded executable files such as JavaScript, .hta, .wsf, and VBScript downloaders. In calculating the percentage of total spam containing malicious attachments, we count both the “container” file (.zip) and the “child” files within it (such as a JavaScript file) as individual malicious attachments.

High