IT security and control firm Sophos has published its latest
report on the top twelve spam-relaying countries over the third
quarter of 2007.
Experts at SophosLabs scanned all spam messages received in the
company's global network of spam traps, and have revealed that yet
again the US relayed more spam than any other nation, accounting
for a massive 28.4 percent - meaning that almost one in three of
all the world's spam emails is being sent through a compromised US
computer. The gap between the US and its nearest rival has also
increased significantly, with second placed South Korea only
responsible for relaying 5.2 percent, or one in twenty spam
messages.
The top twelve spam-relaying countries are as follows:
| Position |
Country |
Percentage |
| 1 |
United States |
|
| 2 |
South Korea |
|
| 3 |
China (inc.Hong Kong) |
|
| 4 |
Russia |
|
| 5 |
Brazil |
|
| 6 |
France |
|
| 7 |
Germany |
|
| 8 |
Turkey |
|
| 9 |
Poland |
|
| 10 |
United Kingdom |
|
| 11 |
Romania |
|
| 12 |
Mexico |
|
| Others |
33.9% |
"It seems as though a major American spammer is arrested every
other week at the moment, but despite these high-profile
lawbreakers being put away, the US continues to relay far more spam
than any other nation on the planet," said Carole Theriault, senior
security consultant at Sophos. "This level of activity can't be
attributed solely to the slick operations of a few cash-hungry
criminals. The problem is there are thousands of spammers using
many thousands of compromised zombie computers in the US. The only
way we're going to reduce the problem is if US authorities invest a
lot more in educating computer users of the dangers, while ensuring
ISPs step up their monitoring efforts to identify these compromised
machines as early as possible."
According to Sophos, while the US has risen substantially in the
spam stakes, neighbouring Canada has continued to make good
progress in eradicating the spam problem, further reducing its
spam-relaying figure during Q3 to just 0.8 percent.
"The US needs to take note and learn from its northern
neighbour, which is doing a sterling job of combating the spammers,
thanks in no small part to the Government's Task Force on Spam,"
continued Theriault. "Canada got its act together early, publishing
its 'Anti-Spam Action Plan' in 2004, and since then has made a
sustained effort to engage ISPs, businesses and consumers, to
really crack down on the problem. Canadian computer users have
every right to be frustrated - even though they're hardly
contributing to the spam problem, they're doubtless continuing to
receive a wad of unsolicited email that's being relayed south of
the border."
Malicious spam growth
During August 2007 Sophos identified a series of large-scale
malware attacks made via spam email, with weblinks inserted into
spam messages that directed recipients to malicious websites
designed to infect their PCs.
One such campaign involved ecard spam, with an estimated
nine
million malicious ecard messages being sent out within a
48-hour period. Users that visited the link contained in the
message would not receive an ecard, but would find their PC
infected by the JSEcard Trojan horse, thus exposing it to further
threats. Similar campaigns were launched that offered pictures of
nude
celebrities, YouTube
movies, and pop music
videos, providing recipients clicked on the malicious link
enclosed.
The death of PDF spam?
Having been first identified in June 2007, August saw a dramatic
rise in the amount of PDF spam being relayed, only for it to tail
away in similarly dramatic fashion shortly after. In early August
SophosLabs identified a new spam message with an attached PDF file,
urging internet users to purchase shares in a company called Prime
Time Group Inc. The spike in spam was so significant that it
resulted in the amount of spam seen by Sophos's global traps
rising
by 30 percent in 24 hours.
However, just weeks later, levels of PDF spam had dropped to
virtually zero - evidence that the new tactic had not been entirely
successful in its attempts to encourage investment. Sophos experts
note that PDF spam is not an immediate way of communicating with an
audience, particularly when compared to a marketing message within
an email client's preview pane, which may account for why it did
not resonate with recipients.
Spam relayed by continent
The massive rise in the US's relaying caused North America to
overtake Asia and Europe to become the biggest spam-relaying
continent during Q3 2007. Asia followed close behind, due to the
large number of individual Asian nations relaying spam, while
Europe managed to reduce its overall figure by 3.7 percent.
The breakdown of spam-relaying by continent is as follows:
| Position |
Continent |
Percentage |
| 1 |
North America |
|
| 2 |
Asia |
|
| 3 |
Europe |
|
| 4 |
South America |
|
| 5 |
Africa |
|
| Others |
0.6% |
Sophos recommends that computer users ensure they keep their
security software up-to-date, as well as
using a properly configured firewall and installing the latest
operating system security patches. Businesses must also look to
implement a best practice
policy regarding email account usage.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.