Sophos, a world leader in IT security and control, has published
its latest report on the top twelve spam relaying countries over
the first quarter of 2007.
Experts at SophosLabsâ„¢ scanned all spam
messages received in the company's global network of spam traps,
and have revealed that yet again, the US relayed considerably more
spam than other nations, with just under a fifth (19.8%) of the
world's spam originating from US-based computers. Surprisingly
however, Sophos notes the unexpected ascendancy of Poland in the
dirty dozen - with the country now lying in third place - as well
as a first-time appearance for India in the chart. The UK, which
sat in tenth place during Q1 2006, has managed to bypass being
named and shamed, occupying 13th place and accounting for 2.2% of
all spam relayed.
According to Sophos, the overall volume of spam rose by around
4.2% during Q1 2007, when compared to the same period in 2006.
The top twelve spam relaying countries are as follows:
| Position |
Country |
Percentage of spam relayed |
| 1 |
United States |
|
| 2 |
China (including Hong Kong) |
|
| 3 |
Poland |
|
| 4 |
South Korea |
|
| 5 |
Italy |
|
| 6 |
France |
|
| 7 |
Germany |
|
| 8 |
Spain |
|
| 9 |
Brazil |
|
| 10 |
Russia |
|
| 11 |
India |
|
| 12 |
Taiwan |
|
| Others |
30.6% |
"The US stands out like a sore thumb in this dirty dozen," said
Carole Theriault,
senior security consultant at Sophos. "China, who until recently
was an intimate rival to the US, dropped dramatically during the
last quarter. Poland, on the other hand, has now gate-crashed the
top three. The fact that its population, and undoubtedly its number
of computers, is much lower than the likes of Russia, India, China
and the States, suggests that Polish users need to take a close
look at the security holes on their computers. Polish authorities
would be wise to educate users on safe computing to ensure that
they are not responsible for sending out massive gluts of
spam."
Between January and
March 2006 Poland was responsible for just 3.8% of
spam-relaying, almost half its current percentage. Though the US
remains in first place, it has reduced its relaying in the past
twelve months, suggesting that the nation is getting clued up about
securing its computers.
Pump-and-dump spreads to Europe
In March 2007 Sophos identified
the first pump-and-dump stock scam preying upon a company listed
outside the USA, emphasising just how successful the technique is
proving for cybercriminals worldwide. Emails encouraging investment
in Stonebridge Resources Exploration Ltd, which was first listed on
the Frankfurt Stock Exchange on 1 March 2007, circulated for
several days. This caused the stock price to inflate substantially,
before crashing back down as the spammers sold their shares.
Scammers attempted to manipulate stock prices
on the Frankfurt Stock Exchange.
Pump-and-dump scam emails deploy a number of tactics designed to
evade conventional anti-spam filters, such as using embedded
images, or 'spamglish' - a mixture of random English words. Earlier
in the same month, the US Securities and Exchange Commission
suspended
trading of 35 companies that were the subject of pump-and-dump
campaigns, in a bid to thwart the spammers' plans and protect
investors.
Mobile phone spam on the rise
The first quarter of 2007 saw two high profile cases of SMS
spamming to mobile phones, both of which resulted in legal action
being taken against the perpetrators. In January Sophos reported on
a Florida couple being sued for sending five
million spam messages to mobile phones advertising timeshares,
while the following month, network operator Verizon Wireless won an
injunction
against a company which sent almost 100,000 spam messages to its
customers.
"SMS spamming represents a handy new tactic for dodgy marketers
- many people are used to ignoring unsolicited email spam, but they
don't necessarily expect it to turn up on their mobile handsets,"
said Theriault. "Instances of SMS abuse should always be reported
to network providers, however it should be noted that while this
type of spamming is on the increase, it still represents a tiny
problem compared to email spam."
Spam relayed by continent
Fuelled by the growth in foreign language spam targeted at
European computer users, along with China's sudden drop in
spam-relaying, Europe has now surpassed Asia as the highest
spam-relaying continent, responsible for more than a third (35.0%)
of the world's spam. Furthermore, while the US heads up the
individual countries list, North America as a whole has managed to
reduce its output, and now relays considerably less than
Europe.
The breakdown of spam relaying by continent is as follows:
| Position |
Continent |
Percentage of spam relayed |
| 1 |
Europe |
|
| 2 |
Asia |
|
| 3 |
North America |
|
| 4 |
South America |
|
| 5 |
Africa |
|
| 6 |
Australasia |
|
| 7 |
Antarctica |
|
Sophos recommends that computer users ensure they keep their
security software up-to-date, as well as using a properly
configured firewall and installing the latest operating system
security patches. Businesses must also look to implement a best practice policy regarding email
account usage.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.