Press Releases

Browse our press release archive

24 Jul 2006

Sophos reveals 'dirty dozen' spam relaying countries

US spam reduction stalls while spam sent through European zombie PCs gains momentum

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has published its latest report on the top twelve spam relaying countries over the second quarter of 2006.

Experts at SophosLabs™ scanned all spam messages received in the company's global network of spam traps, and have revealed that for the first time in more than two years, the United States has failed to make inroads into its spam-relaying problem. The US remains stuck at the top of the chart and is the source of 23.2 percent of the world's spam. Its closest rivals are China and South Korea, although both of these nations have managed to reduce their statistics since Q1 2006. The vast majority of this spam is relayed by 'zombies', also known as botnet computers, hijacked by Trojan horses, worms and viruses under the control of hackers.

The top twelve spam relaying countries are as follows:

April to June 2006
1. United States 23.2%
2. China (& Hong Kong) 20.0%
3. South Korea 7.5%
4. France 5.2%
5. Spain 4.8%
6. Poland 3.6%
7. Brazil 3.1%
8. Italy 3.0%
9. Germany 2.5%
10. United Kingdom 1.8%
11. Taiwan 1.7%
12. Japan 1.6%
Others 22.0%

"Since the introduction of the CAN-SPAM legislation in 2004, we've seen a regular quarter-on-quarter drop in the proportion of spam coming from the US - until now, that is," said Graham Cluley, senior technology consultant at Sophos. "Given the number of arrests, and the huge fines dished out to guilty spammers, it's hard to criticise the US for failing to take action. Perhaps the reality is that the statistics can't be reduced any further unless US home users take action to secure their computers and put a halt to the zombie PC problem."

Spam relayed by continent

Asia accounts for more spam than any other continent, however spam relaying in Europe continues to become more prevalent. While in Q1 2006, 25 percent of the world's spam was sent out from European countries, the figure has now reached 27.1 percent. Europe has now overtaken North America as a spreader of spam.

The breakdown of spam relaying by continent is as follows:

April to June 2006
1. Asia 40.2%
2. Europe 27.1%
3. North America 25.7%
4. South America 5.5%
5= Australasia 0.7%
5= Africa 0.7%
Others 0.1%

Russia conspicuously absent from the dirty dozen

Even though Russia does not feature in the dirty dozen of spam relaying countries, Sophos has uncovered evidence that Russian spammers may be controlling vast networks of zombie PCs. Sophos recently discovered a Russian spamming price list, which showed that $500 would purchase email distribution to eleven million Russian email addresses. On top of this, companies could buy distribution to one million addresses in any country they wanted for just $50.

Russian spammers advertise their price lists for sending spam

Russian spammers advertise their price lists for sending spam.

Spammers use images to dodge anti-spam filters

One key development in 2006 so far has been the increase in spam containing embedded images, which has risen sharply from 18.2 percent in January to 35.9 percent in June. By using images instead of text, messages are able to avoid detection by some anti-spam filters that rely on the analysis of textual spam content.

An example of an email marketing drugs via image spam

An example of an email marketing drugs via image spam.

Pump-and-dump scams on the rise

Sophos estimates that 15 percent of all spam emails are now pump-and-dump scams, compared to just 0.8 percent in January 2005. These scams are email campaigns designed to boost the value of a company's stock in order for spammers to make a quick profit. Many of these spam messages contain images rather than traditional text.

An example of a stock pump-and-dump spam using an image instead of text

An example of a stock pump-and-dump spam using an image instead of text.

"It's worrying to see so many pump-and-dump emails - often with embedded graphics included - being spammed out to the general public," added Cluley. "The people that act upon these emails aren't skilled investors, and don't realise that purchasing the shares is likely to reap no reward, benefiting only the spammers, while creating a financial rollercoaster for the organisation in question."

Sophos recommends that computer users ensure they keep their security software up-to-date, as well as using a properly configured firewall and installing the latest operating system security patches. Businesses must also look to implement a best practice policy regarding email account usage.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at