Sophos, a world leader in protecting businesses against viruses,
spyware and spam, has published its latest report on the top twelve
spam relaying countries over the second quarter of 2006.
Experts at SophosLabsâ„¢ scanned all spam
messages received in the company's global network of spam traps,
and have revealed that for the first time in more than two years,
the United States has failed to make inroads into its spam-relaying
problem. The US remains stuck at the top of the chart and is the
source of 23.2 percent of the world's spam. Its closest rivals are
China and South Korea, although both of these nations have managed
to reduce their statistics since Q1 2006. The vast majority of this
spam is relayed by 'zombies', also known as botnet computers,
hijacked by Trojan horses, worms and viruses under the control of
hackers.
The top twelve spam relaying countries are as follows:
| April to June 2006 |
| 1. |
United States |
23.2% |
| 2. |
China (& Hong Kong) |
20.0% |
| 3. |
South Korea |
7.5% |
| 4. |
France |
5.2% |
| 5. |
Spain |
4.8% |
| 6. |
Poland |
3.6% |
| 7. |
Brazil |
3.1% |
| 8. |
Italy |
3.0% |
| 9. |
Germany |
2.5% |
| 10. |
United Kingdom |
1.8% |
| 11. |
Taiwan |
1.7% |
| 12. |
Japan |
1.6% |
|
|
Others |
22.0% |
"Since the introduction of the CAN-SPAM legislation in 2004,
we've seen a regular quarter-on-quarter drop in the proportion of
spam coming from the US - until now, that is," said Graham Cluley, senior
technology consultant at Sophos. "Given the number of arrests, and
the huge fines dished out to guilty spammers, it's hard to
criticise the US for failing to take action. Perhaps the reality is
that the statistics can't be reduced any further unless US home
users take action to secure their computers and put a halt to the
zombie PC problem."
Spam relayed by continent
Asia accounts for more spam than any other continent, however
spam relaying in Europe continues to become more prevalent. While
in Q1 2006, 25 percent of the world's spam was sent out from
European countries, the figure has now reached 27.1 percent. Europe
has now overtaken North America as a spreader of spam.
The breakdown of spam relaying by continent is as follows:
| April to June 2006 |
| 1. |
Asia |
40.2% |
| 2. |
Europe |
27.1% |
| 3. |
North America |
25.7% |
| 4. |
South America |
5.5% |
| 5= |
Australasia |
0.7% |
| 5= |
Africa |
0.7% |
|
|
Others |
0.1% |
Russia conspicuously absent from the dirty
dozen
Even though Russia does not feature in the dirty dozen of spam
relaying countries, Sophos has uncovered evidence that Russian
spammers may be controlling vast networks of zombie PCs. Sophos
recently discovered a Russian spamming price list, which showed
that $500 would purchase email distribution to eleven million
Russian email addresses. On top of this, companies could buy
distribution to one million addresses in any country they wanted
for just $50.
Russian spammers advertise their price lists
for sending spam.
Spammers use images to dodge anti-spam
filters
One key development in 2006 so far has been the increase in spam
containing embedded images, which has risen sharply from 18.2
percent in January to 35.9 percent in June. By using images instead
of text, messages are able to avoid detection by some anti-spam
filters that rely on the analysis of textual spam content.
An example of an email marketing drugs via
image spam.
Pump-and-dump scams on the rise
Sophos estimates that 15 percent of all spam emails are now
pump-and-dump scams, compared to just 0.8 percent in January 2005.
These scams are email campaigns designed to boost the value of a
company's stock in order for spammers to make a quick profit. Many
of these spam messages contain images rather than traditional
text.
An example of a stock pump-and-dump spam using
an image instead of text.
"It's worrying to see so many pump-and-dump emails - often with
embedded graphics included - being spammed out to the general
public," added Cluley. "The people that act upon these emails
aren't skilled investors, and don't realise that purchasing the
shares is likely to reap no reward, benefiting only the spammers,
while creating a financial rollercoaster for the organisation in
question."
Sophos recommends that computer users ensure they keep their
security software up-to-date, as well as using a properly
configured firewall and installing the latest operating system
security patches. Businesses must also look to implement a best practice policy regarding email
account usage.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.