Dirty dozen spam-relaying countries revealed by Sophos, Q1 2010

April 28, 2010 Sophos Press Release

IT security and control firm Sophos has published its latest report into the top twelve spam relaying countries, covering the first quarter of 2010. The United States of America continues its unpopular reign as the king of spam, relaying more than 13 percent of global spam, accounting for hundreds of millions of junk messages every day.

However, most dramatically, China - often blamed for cybercrime by other countries - has completely disappeared from the so-called "dirty dozen", coming in at 15th place with responsibility for relaying just 1.9% of the world's spam.

The top twelve spam relaying countries for January to March 2010

1. USA 13.1%
2. India 7.3%
3. Brazil 6.8%
4. S Korea 4.8%
5. Vietnam 3.4%
6. Germany 3.2%
=9. United Kingdom 3.1%
=9. Russia 3.1%
=9. Italy 3.1%
10. France 3.0%
11. Romania 2.5%
12. Poland 2.4%
Others 47.3%

"All eyes aren't so much on which countries are on the list, but the one which isn't. China has earnt itself a bad reputation in many country's eyes for being the launch pad of targeted attacks against foreign companies and government networks, but at least in the last 12 months they can demonstrate that the proportion of spam relayed by their computers has steadily reduced," said Graham Cluley, senior technology consultant at Sophos. "A new dirty 'gang of four' - South Korea, Brazil, India and their ringleader USA - account for over 30% of all the spam relayed by hacked computers around the globe."

 

 

Percentage spam relayed via China

Spam accounts for a staggering 97 percent of all email received by business email servers, putting both a strain on resources and wasting a huge amount of time to lost productivity. Used largely as a method for selling counterfeit or illicit goods such as fake pharmaceuticals, luxury watches and false diplomas, virtually all spam comes from malware infected computers (called bots, or zombies) that are controlled by 'botherder' cybercriminals.

Computer users can unwittingly allow their PCs to become part of a botnet in a number of ways, including clicking on malicious links that are frequently contained within the spam messages that the botnets are used to distribute. The only way for users and administrators to reduce the risk of being compromised is to run anti-spam and anti-malware protection and ensure all software and hardware is up to date with security patches.

"Countries such as the USA would do well to remember that cleaning-up infected PCs in their own back yard will be an important step in fighting cybercrime. Furthermore, we all shouldn't forget that if no-one bought products sold via spam there would be a lot less incentive to send junk email," explained Cluley. "Computer users should not just protect their computers from threats like malware and spam, they should also pledge to never ever buy anything advertised via spam."

By continent, Asia continues to dominate in spam, with more than a third of the world's unsolicited junk email relayed by the region. Although the US remains the top offender by country, North America as a whole has reduced its spam throughput since last quarter, dropping from second to third place. The breakdown of spam relaying by continent is as follows:

Top spam-relaying continents, January to March 2010

1. Asia 33.7%
2. Europe 31.2%
3. N America 16.9%
4. S America 14.7%
5. Africa 2.6%
Other 0.9%

Sophos recommends that companies automatically update their corporate virus protection, and run a consolidated solution at their email and web gateways to defend against spam and viruses.