IT security and
data protection firm Sophos has published its report on the
latest trends in spam, revealing the top twelve spam-relaying
countries for the second quarter of 2009. By scanning all spam
messages caught in SophosLabs' global network of spam traps,
researchers have identified the top 'Dirty Dozen' spam relaying
nations between April and June this year.
During the second quarter of 2009, the USA continued to relay
more spam than any other country - the nation's 15.6 percent
contribution to global spam traffic meaning that one in six junk
emails were sent through compromised computers in the country. In
contrast, Russia, a former spam super-power, continues to fall down
Russia currently resides at ninth position in the chart,
relaying a mere 3.2 percent of spam messages. This represents a
significant reduction compared to the same time last year when the
country came second only to the United States and was responsible
for relaying 7.5 percent of all spam emails.
Poland has seen the biggest single increase in spam output since
the last quarter, moving up from tenth to sixth place in this
global 'hall of shame', with the country now responsible for
relaying 4.2 percent of all the world's electronic junk messages.
Colombia is the only nation to have left the 'Dirty Dozen' since Q1
2009, with Vietnam a new entry this quarter.
The top twelve countries responsible for relaying spam across the
globe between April and June 2009 are as follows:
"Barack Obama's recent speech on cybersecurity emphasised the
threat posed by overseas criminals and enemy states, but these
figures prove that there is a significant problem in his own back
yard. If America could clean up its compromised PCs it would be a
considerable benefit to everyone around the world who uses the
net," said Graham
Cluley, senior technology consultant for Sophos. "All web users
need to properly defend their computers from attack, and pledge to
never act upon spam messages."
Spammers exploiting new vectors of attack
Over the past year, the booming popularity of social networking
- in particular, micro-blogging service Twitter - has driven growth
in services such as TinyURL, bit.ly and is.gd. The services are
used to create conveniently shortened links that re-direct to web
pages with lengthier URLs. This is being exploited by hackers that
will use the services to obscure links to offensive material or
malicious websites, and then distribute the links in spam emails,
as well as posting them on Twitter and other networks.
Earlier this year, link-shortening service Cligs was attacked
by hackers, who redirected links created with the service to a
single site of their choice - demonstrating how unsuspecting web
users can find themselves visiting unexpected websites when
clicking on shortened links. As social networking and related
online services continue to grow in popularity, Sophos experts note
that poorly protected computer users could become more vulnerable
to a wider range of spam attacks.
"Clearly the problem isn't going away, as is illustrated by the
large number of sprawling spam campaigns we see on a daily basis,"
continued Cluley. "Although it may seem encouraging to see
reductions in the volume of spam that certain countries are
contributing, authorities, ISPs and home users across the world
need to be doing more to crack down on the spam problem."
Spam relayed by continent, April - June 2009
Overall by continent, Asia continues to be the biggest offender.
Almost a third of spam message originated in the region for the
second quarter of 2009, with the nations of South Korea and China
being the biggest contributors.
Sophos recommends companies automatically update their corporate
virus protection, and run a
consolidated solution at their email and
web gateways to defend against viruses and spam.