Sophos research reveals dirty dozen spam-relaying nations

Sophos Press Release

Poles poll third highest as UK avoids chart for first quarter of 2007

Sophos, a world leader in IT security and control, has published its latest report on the top twelve spam relaying countries over the first quarter of 2007.

Experts at SophosLabs™ scanned all spam messages received in the company's global network of spam traps, and have revealed that yet again, the US relayed considerably more spam than other nations, with just under a fifth (19.8%) of the world's spam originating from US-based computers. Surprisingly however, Sophos notes the unexpected ascendancy of Poland in the dirty dozen - with the country now lying in third place - as well as a first-time appearance for India in the chart. The UK, which sat in tenth place during Q1 2006, has managed to bypass being named and shamed, occupying 13th place and accounting for 2.2% of all spam relayed.

According to Sophos, the overall volume of spam rose by around 4.2% during Q1 2007, when compared to the same period in 2006.

The top twelve spam relaying countries are as follows:

Position Country Percentage of spam relayed
1 United States
2 China (including Hong Kong)
3 Poland
4 South Korea
5 Italy
6 France
7 Germany
8 Spain
9 Brazil
10 Russia
11 India
12 Taiwan
Others 30.6%

"The US stands out like a sore thumb in this dirty dozen," said Carole Theriault, senior security consultant at Sophos. "China, who until recently was an intimate rival to the US, dropped dramatically during the last quarter. Poland, on the other hand, has now gate-crashed the top three. The fact that its population, and undoubtedly its number of computers, is much lower than the likes of Russia, India, China and the States, suggests that Polish users need to take a close look at the security holes on their computers. Polish authorities would be wise to educate users on safe computing to ensure that they are not responsible for sending out massive gluts of spam."

Between January and March 2006 Poland was responsible for just 3.8% of spam-relaying, almost half its current percentage. Though the US remains in first place, it has reduced its relaying in the past twelve months, suggesting that the nation is getting clued up about securing its computers.

Pump-and-dump spreads to Europe

In March 2007 Sophos identified the first pump-and-dump stock scam preying upon a company listed outside the USA, emphasising just how successful the technique is proving for cybercriminals worldwide. Emails encouraging investment in Stonebridge Resources Exploration Ltd, which was first listed on the Frankfurt Stock Exchange on 1 March 2007, circulated for several days. This caused the stock price to inflate substantially, before crashing back down as the spammers sold their shares.

Scammers attempted to manipulate stock prices on the Frankfurt Stock Exchange
Scammers attempted to manipulate stock prices on the Frankfurt Stock Exchange.

Pump-and-dump scam emails deploy a number of tactics designed to evade conventional anti-spam filters, such as using embedded images, or 'spamglish' - a mixture of random English words. Earlier in the same month, the US Securities and Exchange Commission suspended trading of 35 companies that were the subject of pump-and-dump campaigns, in a bid to thwart the spammers' plans and protect investors.

Mobile phone spam on the rise

The first quarter of 2007 saw two high profile cases of SMS spamming to mobile phones, both of which resulted in legal action being taken against the perpetrators. In January Sophos reported on a Florida couple being sued for sending five million spam messages to mobile phones advertising timeshares, while the following month, network operator Verizon Wireless won an injunction against a company which sent almost 100,000 spam messages to its customers.

"SMS spamming represents a handy new tactic for dodgy marketers - many people are used to ignoring unsolicited email spam, but they don't necessarily expect it to turn up on their mobile handsets," said Theriault. "Instances of SMS abuse should always be reported to network providers, however it should be noted that while this type of spamming is on the increase, it still represents a tiny problem compared to email spam."

Spam relayed by continent

Fuelled by the growth in foreign language spam targeted at European computer users, along with China's sudden drop in spam-relaying, Europe has now surpassed Asia as the highest spam-relaying continent, responsible for more than a third (35.0%) of the world's spam. Furthermore, while the US heads up the individual countries list, North America as a whole has managed to reduce its output, and now relays considerably less than Europe.

The breakdown of spam relaying by continent is as follows:

Position Continent Percentage of spam relayed
1 Europe
2 Asia
3 North America
4 South America
5 Africa
6 Australasia
7 Antarctica

Sophos recommends that computer users ensure they keep their security software up-to-date, as well as using a properly configured firewall and installing the latest operating system security patches. Businesses must also look to implement a best practice policy regarding email account usage.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at