IT security and control firm Sophos has published its latest
report on the top twelve spam-relaying countries over the final
quarter of 2007.
Experts at SophosLabs scanned all spam messages received in the
company's global network of spam traps, and have revealed a
dramatic rise in the proportion of the world's spam messages being
sent from compromised Russian computers. The country has stormed
into second place, accounting for 8.3% of the world's spam, or one
in twelve junk mails seen in inboxes. Russia's rise is echoed in
Sophos's research into which continents make the greatest
contribution to the spam problem - with Asia and Europe overtaking
North America.
Between October-December 2007, the USA relayed far more spam
than any other country - testament to the sheer number of computers
in the country that have been taken over by remote hackers.
Representing the lion's share of total spam traffic, the United
States' 21 percent slice means that more than one in five of all
the world's spam emails was being sent through compromised American
computers.
The top twelve spam-relaying countries are as follows:
| Position |
Country |
Percentage |
| 1 |
United States |
|
| 2 |
Russia |
|
| 3 |
China (inc.Hong Kong) |
|
| 4 |
Brazil |
|
| 5 |
S Korea |
|
| 6 |
Turkey |
|
| 7 |
Italy |
|
| 8 |
Poland |
|
| 9 |
Germany |
|
| 10= |
Spain |
|
| 10= |
Mexico |
|
| 12 |
United Kingdom |
|
| Others |
35.7% |
"Responsible for a third of all unwanted email, USA and Russia
can be viewed as the two dirty men of the spam generation,
polluting email traffic with unwanted and potentially malicious
messages," said Carole
Theriault, senior security consultant at Sophos. "It's not the
case that a third of the world's spammers are based in those
countries, but that legions of computers are poorly defended,
allowing hackers to break in and turn them into botnets for the
spreading of spam and malware."
Spam by continent
Sophos's breakdown of spam relaying by continent is as
follows:
| Position |
Continent |
Percentage |
| 1 |
Asia |
|
| 2 |
Europe |
|
| 3 |
North America |
|
| 4 |
South America |
|
| 5 |
Africa |
|
| Others |
0.7% |
Falling from first to third place, North America has managed to
reduce the proportion of spam it is relaying from 32.3 percent to
26.5 percent, and has been overtaken by Asia at the top of the
chart, and Europe in second place.
"Financially-motivated criminals are controlling huge
proportions of compromised zombie machines to launch these spam
campaigns. This is big business for cybercriminals, so the
authorities have the daunting task of educating users about the
dangers of clicking on links or attachments in spam mails, while
also making sure that service providers help in identifying
compromised computers," continued Theriault. "This is a worldwide
issue, affecting everyone who owns a computer. Businesses and
computer users must take a more proactive approach to spam
filtering and IT security in order to avoid adding to the
problem."
MP3 pump-and-dump spam
Using spam to artificially inflate the price of stock is an
ongoing spam trend, but October 2007 saw one of the bizarrest ever
schemes, when a pump-and-dump campaign used MP3 files in an
attempt to manipulate share prices. In an effort to bypass spam
filters, cybercriminals sent out their messages with supposed music
files from stars such as Elvis Presley, Fergie and Carrie
Underwood, attached. The files actually contained a monotone voice
encouraging people to buy shares in a little-known company.
"Some may have thought Elvis had returned from the grave when
they received these spam emails, but they were designed to trick
armchair investors into making unwise investments," explained
Theriault. "Spammers will go to extraordinary lengths to try and
ensure that their marketing messages reach their intended pool of
victims."
Last month Sophos published
its annual Security Threat Report, which discussed the ways in
which financially-motivated cybercriminals use compromised
computers to relay their spam messages around the world.
Sophos recommends that computer users ensure they keep their
security software up-to-date, as well as
using a properly configured firewall and installing the latest
operating system security patches. Businesses must also look to
implement a best practice
policy regarding email account usage.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.