IT security and control firm Sophos has published the latest
report into the 'Dirty Dozen' spam-relaying countries, covering the
third quarter of 2010. Since the second quarter this year, the spam
output from the United States has increased significantly from
15.2% to 18.6% of global spam, making the country responsible for
nearly one in five junk emails, and meaning that the USA
contributes nearly 2.5 times more spam than the next worse
offender, India.
The UK finds itself dropping one position since the previous
quarter - from fourth to fifth place - and is now responsible for
relaying 5% of all spam this quarter.
The top twelve spam relaying countries for July - September
2010
| 1. USA | 18.6% |
| 2. India | 7.6% |
| 3. Brazil | 5.7% |
| 4. France | 5.4% |
| 5. UK | 5.0% |
| 6. Germany | 3.4% |
| 7= Russia | 3.0% |
| 7= S Korea | 3.0% |
| 9. Vietnam | 2.9% |
| 10. Italy | 2.8% |
| 11. Romania | 2.3% |
| 12. Spain | 1.8% |
| Other | 38.5% |
Top spam-relaying continents, July - September 2010
| 1. Europe | 33.1% |
| 2. Asia | 30.0% |
| 3. N America | 22.3% |
| 4. S America | 11.5% |
| 5. Africa | 2.3% |
| Other | 0.8% |
Almost all of this spam comes from malware-infected computers
(known as bots or zombies) that are being controlled by 'botherder'
cybercriminals. One of the primary tactics used by cybercriminals
to grow botnets involves tricking computer users into clicking
malicious links - either contained in spam email or social
networking messages - which direct computers to malware infected
webpages.
"Spam isn't just a nuisance, it's used by cybercriminals as a
means of growing their operations," said Graham
Cluley, senior technology consultant at Sophos. "You should
never even be tempted to open a spam message out of curiosity, as
it can only take a second to effectively hand over control of your
computer to the spammers. If your computer does become part of a
botnet, you're also inviting further malware infections, which may
compromise your personal or banking details."
Sophos also notes a rise in social networking spam during Q3
2010, with the widely reported
'onMouseOver' exploit creating spam tweets on Twitter, and a
raft of Facebook scams that have been created by spammers to
generate money from survey websites.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
"What's interesting about the Facebook scams is that they
exploit human weaknesses to spread - tricking users into filling in
a questionnaire if they want to see a shocking picture or video
that may not even exist," added Cluley. "Unfortunately, these scams
continue to proliferate, with new ones springing up every day, and
Facebook seemingly unable to kill them off permanently."
One Facebook spammer has, however, recently been
fined for using the social network to promote the sale of
drugs. Canadian Adam Guerbuez was fined US $100 for every one of
the 4,366,386 spam posts he made, resulting in total fine of US
$873.3 million.
Guerbuez was able to spam from Facebook users' accounts after
phishing their login details.
"Always take care over where you enter your login credentials -
be aware that you might be on a bogus website that has been created
purely for the purposes of grabbing your username and password, and
for those details to then be used to send spam to others,"
explained Cluley.
The best way for computer users to reduce the risk of being
compromised is to run anti-spam and
anti-malware protection, behave sensibly when online, and
ensure systems are up-to-date with security patches.
Sophos recommends that companies automatically update their
corporate virus protection, and run a consolidated solution at
their email and web gateways to defend against spam and
viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.