IT security and control firm Sophos has published its report on
the latest trends in spam, and revealed the top twelve
spam-relaying countries for the second quarter of 2008. The
investigation reveals a disturbing rise in the level of email spam
travelling across the internet between April-June 2008, and how
some spammers are now using Facebook and cellphones to spread their
messages.
By June 2008, research reveals that the level of spam had risen
to 96.5% of all business email. Having risen from a figure of 92.3%
in the first three months of the year, corporations are now facing
the fact that only one in 28 emails is legitimate.
"If your company is on the internet, it's going to be hard for
it to do business unless it has an effective anti-spam defence in
place. Otherwise the amount of junk mail will be swamping
legitimate correspondence from your customers and suppliers," said
Graham Cluley,
senior technology consultant for Sophos. "It should be remembered
also that some spam is not just a nuisance, but malicious in its
intent - trying to get you to click on an attached Trojan horse or
lead you to a dangerous website. Organizations need a consolidated
anti-spam and anti-malware solution at their gateway, updated
around the clock to neutralize the latest internet attacks."
Spam relayed from hijacked home computers
Email spam is almost always sent from innocent third party
computers which have been hijacked by hackers. These botnet
computers are owned by innocent parties, who are unaware that
cybercriminals are using them for financial gain. Typically they
are home users who have not been properly protected with up-to-date
anti-virus software, firewalls and security patches.
Sophos has identified the top twelve countries responsible for
relaying spam across the globe:
| Position |
Country |
Percentage of reports |
| 1 |
United States |
|
| 2 |
Russia |
|
| 3 |
Turkey |
|
| 4 |
China (incl HK) |
|
| 5 |
Brazil |
|
| 6= |
Poland |
|
| 6= |
Italy |
|
| 7 |
South Korea |
|
| 8= |
United Kingdom |
|
| 8= |
Spain |
|
| 9 |
Germany |
|
| 10 |
Argentina |
|
| Others |
37.7% |
Sophos's breakdown of spam-relaying countries by continent is as
follows:
| Position |
Continent |
Percentage of reports |
| 1 |
Asia |
|
| 2 |
Europe |
|
| 3 |
North America |
|
| 4 |
South America |
|
| 5 |
Africa |
|
| Others |
0.9% |
"Between April and June 2008, the computer users of US and
Russia retained their shameful first and second places as the top
relayers of spam," continued Cluley. "Much more needs to be done to
raise awareness about computer security. These computers are under
the remote control of hackers which means they can be used not only
for sending a tidalwave of spam, but also potentially steal banking
details and credit card information for the purposes of identity
theft."
Also retaining a place on the leader�fs podium of shame was
Turkey, with a marked increase in spam since the same period last
year - rising from ninth place and 2.9 percent in the second
quarter of 2007, to third place and 6.8 percent this year.
A new addition to the chart this quarter is Argentina, which has
knocked France out of the chart to take 12th place, and which is
now responsible for relaying 2.9 percent of the world�fs spam
email.
"Argentina is the fastest growing economy in South America,
which means lots more computers are connecting to the net down
there," explained Cluley. "Spammers hijack poorly defended
computers wherever they are in the world to join their sprawling
botnets. Computers may be becoming more common, but IT security
also has to be a top priority."
Spam spreading via new avenues
Sophos has discovered that spammers are increasingly using
networking websites such as Facebook and LinkedIn to send their
unwanted links to online stores and bogus lottery and financial
scams.
"Spammers are finding themselves increasingly obstructed by
corporate anti-spam defences at the email gateway. In a nutshell -
we're stopping the bad guys getting their marketing message in
front of their intended audience," said Cluley. "To get around
this, we are seeing spammers exploiting networks like Facebook to
plant spam messages on other peoples' profiles - these don't just
get read by the owner of the profile, but anyone else visiting his
or her page."
An example of Facebook spam posted on a user's
'wall'.
In May, the LinkedIn business networking system was used by
scammers seeking to swindle money from unwary corporate
executives. On this occasion, the spammers offered a share of a
non-existent US $6.5 million inheritance fund, further highlighting
the need for users to be vigilant to unsolicited approaches
online.
Sophos experts note that the level of Facebook, Bebo and
LinkedIn spam is still dwarfed by email spam, but there is a
growing trend for spammers to use other techniques to spread their
messages.
Another growing method for spammers to spread their messages is
via SMS texts sent to cellphones.
For instance, in April, the switchboard of Dublin Zoo was
swamped after at least 5000 people were spammed an SMS text message
to their cellphones telling them to ring a number urgently and ask
for a fictitious person. The number was that of the main phoneline
to Dublin Zoo and the fake names all animal-related (Rory Lion,
Anna Conda, C Lion or G Raffe according to the news reports).
Curiously, zoos in Houston and Brownsville, Texas suffered from
similar attacks in May.
Spamming a lot of people via text message is an effective way of
generating a flash-flood denial-of-service attack against the
telephone system of an organization you don't like. As mobile
operators give away more and more "free texts per month" as part of
their calling-plans, and make available SMS web gateways that can
be exploited by hackers, we may see more spammers using SMS to clog
up phonelines.
Spear-phishing on the rise
'Spear-phishing', which involves messages that have been
personalized to a specific domain or organisation, has become more
common in recent months. These emails will appear to come from a
trusted source, such as a member of IT staff at the same company as
the recipient, and ask for personal information or username and
password confirmation. Those who reply to these messages will
inadvertently be supplying information that the phisher can use for
malicious purposes, such as identity fraud. Spear-phishers generate
the victims' addresses by using special software or using lists of
employees found on the networks of social media sites such as
Facebook or LinkedIn.
Victims of spear-phishing attacks in recent months include The
University of Waterloo, Oak Ridge National Laboratory, and the
University of Minnesota. Financial institutions are also amongst
the many organizations to have been on the receiving end of this
kind of attack.
Sophos recommends companies acquaint their users with best practice advice for minimizing
exposure to spam, automatically update their corporate virus
protection, and run a consolidated solution
at their email and web gateways to defend against viruses and
spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.