IT security and control firm Sophos has released the results of
its investigation into the latest spam trends and revealed the top
twelve spam-relaying countries for the third quarter of 2008.
The figures show an alarming rise in the proportion of spam
emails sent with malicious attachments between July - September
2008, as well as an increase in spam attacks using social
engineering techniques to snare unsuspecting computer users.
Sophos's latest report reveals that one in every 416 email
messages between July and September contained a dangerous
attachment, designed to infect the recipient's computer - a
staggering eight-fold rise compared to the previous quarter where
the figure stood at only one in every 3,333 emails.
Sophos has identified that much of this increase can be
attributed to several large-scale malware attacks made by spammers
during the period. The worst single attack was the Agent-HNY Trojan
horse which was spammed out disguised
as the Penguin Panic Apple iPhone arcade game.
Malicious emails were spammed out posing as a
Penguin Panic arcade game.
Other major incidents included the EncPk-CZ Trojan which
pretended to be a Microsoft security patch, and the Invo-Zip
malware, which masqueraded as a notice of a
failed parcel delivery from firms such as Fedex and UPS.
Windows users opening any of these attachments exposed their PCs
to the risk of infection and potentially put their identity and
finances at risk. The most widespread attacks seen by Sophos are
not designed to run on Unix and Mac OS X.
"For Apple Mac and Unix lovers, these major spam attacks just
mean a clogged-up inbox, not an infected operating system. But
organized criminals are causing havoc for Windows users in the hunt
for cold hard cash," said Graham Cluley, senior
technology consultant at Sophos. "Too many people are clicking
without thinking - exposing themselves to hackers who are hell-bent
on gaining access to confidential information and raiding bank
accounts. The advice is simple: you should never open unsolicited
attachments, however tempting they may appear."
Creative social engineering continues to out-fox users
As well as using malicious email attachments, cybercriminals
have continued to embed malicious links and spam out creative and
timely attacks designed to prey on users' curiosity.
For example, in August, Sophos warned of a widespread wave of
spam messages claiming to be breaking
news alerts from MSNBC and CNN. Each email encouraged users to
click on a link to read the news story, but instead, took
unsuspecting users to a malicious webpage which infected Windows
PCs with the Mal/EncPk-DA Trojan horse.
A Sophos video shows how the CNN malware
campaign, spammed out in July, worked.
"When a spam email appears to come from a trusted source, too
many users are fooled and end up clicking through to a malicious
webpage," remarked Cluley. "The naivety shown by many internet
users is downright dangerous. In the past hackers were more like
teenage mischief-makers breaking into sheds to see what they could
find. Today they're hardened criminals wearing hobnail boots with
no qualms about breaking into your home and stealing everything
they can get their hands on."
New frontiers
Spammers have proven themselves to be unafraid of trying new
methods of distributing their marketing messages and spreading
their malware to an undefended public during the last three months.
Sophos has seen an escalation in the amount of spam being sent via
social networking websites such as Facebook
and Twitter,
and expects to see this continue to rise.
Malicious messages are being spammed out via
Facebook from compromised accounts.
Emerging countries surface as spam-relaying offenders in dirty
dozen chart
This quarter's report has seen three new entries to the spam
hall of shame - Colombia and Thailand, have assumed eleventh and
twelfth place respectively, while India has shot straight into the
chart at number seven.
"Insecure computers, wherever they are in the world, are a
spammer's dream - they can be easily hijacked remotely and joined
to sprawling networks of botnets designed to create chaos by
sending floods of spam and carrying out denial-of-service attacks,"
explained Cluley. "The message needs to be heard loud and clear: if
you don't properly defend your PC you are not only putting your
data, finances, and identity at risk, you are also endangering
other members of the internet."
Sophos identified the top twelve countries responsible for
relaying spam across the globe between July-September 2008:
Whilst the United States retains its position as the top relayer
of spam, Russia has increased its contribution to the world spam
problem, soaring from 4.4 percent last year, to 8.3 percent during
this time period.
A video showing how Sophos tracks spam-relaying
compromised PCs around the world using Google Earth.
Spam relayed by continent, July-September 2008
Sophos determined the top continents responsible for relaying
spam around the world between July-September 2008:
According to Sophos researchers there is no sign that recent
legal action by the authorities against major spam gangs have had
any perceptible impact on the amount of spam in circulation.
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution at their email and web gateways to defend against
viruses and spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.