6 November 2006
Sophos reveals "Dirty Dozen" spam producing countries
US increases lead in chart, as English-speaking worm converts PCs into spam-spewing zombies
Sophos, a world leader in IT security, has published its latest report on the
top twelve spam relaying countries over the third quarter of 2006.
Sophos experts believe that a possible reason for America's increasing lead
in relayed spam when compared to its closest rival, China, is the emergence
of over 300 strains of the mass-spammed Stratio worm. The worm, also known
as Stration or Warezov, uses a trick dependent on the victim being able
to speak English in its attempt to convert innocent PCs into members of
a spam botnet.
The top twelve spam relaying countries in July-September 2006 are as follows:
| Position | Country | Percentage |
| 1 | United States | |
| 2 | China (incl Hong Kong) | |
| 3 | France | |
| 3 | South Korea | |
| 5 | Spain | |
| 6 | Poland | |
| 7 | Brazil | |
| 8 | Italy | |
| 9 | Germany | |
| 10 | Taiwan | |
| 11 | Israel | |
| 12 | Japan | |
| | Others | 24.3% |
"Most unsolicited emails are now sent from zombie PCs - computers infected with Trojans, worms and viruses that turn them into spam-spewing bots. In the past hackers were very reliant on operating system vulnerabilities to convert an innocent computer into a zombie - now they are turning back to malware to trick users into running their malicious code, and opening the backdoor to hackers," said Carole Theriault, senior security consultant at Sophos. "Hundreds of new versions of the Stratio worm have helped steadily increase the volume of spam seen travelling across the net."
Elsewhere in the chart, China has managed to decrease the proportion of spam it relays by 6.6% since last quarter. The UK has successfully dropped out of the chart altogether and is currently in 13th position, while Israel has entered for the first time, taking 11th place. Q3 has also seen spammers deploy new tricks to try and fool both users and anti-spam software.
Spammers rely more on images to bypass filters in pump-and-dump scams
The use of spam containing embedded images continued to rise in Q3 and currently accounts for nearly 40% of all spam, the vast majority being used by pump-and-dump stock spam campaigns. This trick gives spammers a better chance of having their messages read, since images can avoid detection by those anti-spam filters that can only analyse textual content. Often, image spam is animated to further help the message bypass the filter. Having multiple layers of images loaded on top of each other adds "noise", which complicates the message by making every one unique.

Day-to-day levels of image spam in September and October 2006.
In another pump-and-dump spam twist, criminals are also spamming companies with email messages that offer to boost their stock price in return for payment. This could not only enable spammers to boost the value of their own share portfolio, but also see them get paid by the businesses they are helping to cheat the stock market.
Spammers deploy new email harvesting techniques
Sophos has also identified new tricks being used to harvest email addresses for
spam purposes. The first asks recipients to forward their chain emails for a fake research project, while another campaign encourages users to visit a video tribute website, which then requests their email address in order to view the full video.
"Integrated anti-malware and anti-spam protection is getting the better of illegal spam peddlers - forcing them to get more creative and crooked. However, if people are playing their security cards right, the spammers' efforts will still be in vain," continued Theriault. "What's most surprising is that those behind these intrusive emails continue to take their chances, despite hefty fines and sentences being dealt out to guilty spammers around the world."
Spammers under the legal microscope
Q3 of 2006 has seen some high profile legal action being taken against spammers. In September, the Australian Communications Authority (ACMA) launched an investigation into the activities of a man suspected of sending more than two billion 'Viagra spam' emails, while in the US, action is being taken against two companies accused of sending unsolicited emails about gambling and alcoholic drinks to children. Also in the US, William Bailey, Jr of North Carolina, faces a maximum sentence of 55 years in jail and 2,750,000 US dollars in fines if found guilty of illegally downloading contact details of 80,000 members of the American College of Physicians.
Spam relayed by continent
Asia continues to be the largest source of spam, although the proportion of spam it relays has reduced by 6.1% since Q2 2006. Europe is currently in second position, but is closing the gap having increased the share of spam it produces by 4.8% in the last quarter.
The breakdown of spam relaying by continent in July-September 2006 is as follows:
| Position | Continent | Percentage |
| 1 | Asia | |
| 2 | Europe | |
| 3 | North America | |
| 4 | South America | |
| 5 | Africa | |
| 6 | Australasia | |
Sophos recommends that computer users ensure they keep their security software up-to-date, as well as using a properly configured firewall and installing the latest operating system security patches. Businesses must also look to implement a best practice policy regarding email account usage.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com