Sophos reveals "dirty dozen" spam-relaying countries for Q3 2007

October 24, 2007 Sophos Press Release

IT security and control firm Sophos has published its latest report on the top twelve spam-relaying countries over the third quarter of 2007.

Experts at SophosLabs scanned all spam messages received in the company's global network of spam traps, and have revealed that yet again the US relayed more spam than any other nation, accounting for a massive 28.4 percent - meaning that almost one in three of all the world's spam emails is being sent through a compromised US computer. The gap between the US and its nearest rival has also increased significantly, with second placed South Korea only responsible for relaying 5.2 percent, or one in twenty spam messages.

The top twelve spam-relaying countries are as follows:

Position Country Percentage
1 United States
2 South Korea
3 China (inc.Hong Kong)
4 Russia
5 Brazil
6 France
7 Germany
8 Turkey
9 Poland
10 United Kingdom
11 Romania
12 Mexico
Others 33.9%

"It seems as though a major American spammer is arrested every other week at the moment, but despite these high-profile lawbreakers being put away, the US continues to relay far more spam than any other nation on the planet," said Carole Theriault, senior security consultant at Sophos. "This level of activity can't be attributed solely to the slick operations of a few cash-hungry criminals. The problem is there are thousands of spammers using many thousands of compromised zombie computers in the US. The only way we're going to reduce the problem is if US authorities invest a lot more in educating computer users of the dangers, while ensuring ISPs step up their monitoring efforts to identify these compromised machines as early as possible."

According to Sophos, while the US has risen substantially in the spam stakes, neighbouring Canada has continued to make good progress in eradicating the spam problem, further reducing its spam-relaying figure during Q3 to just 0.8 percent.

"The US needs to take note and learn from its northern neighbour, which is doing a sterling job of combating the spammers, thanks in no small part to the Government's Task Force on Spam," continued Theriault. "Canada got its act together early, publishing its 'Anti-Spam Action Plan' in 2004, and since then has made a sustained effort to engage ISPs, businesses and consumers, to really crack down on the problem. Canadian computer users have every right to be frustrated - even though they're hardly contributing to the spam problem, they're doubtless continuing to receive a wad of unsolicited email that's being relayed south of the border."

Malicious spam growth

During August 2007 Sophos identified a series of large-scale malware attacks made via spam email, with weblinks inserted into spam messages that directed recipients to malicious websites designed to infect their PCs.

One such campaign involved ecard spam, with an estimated nine million malicious ecard messages being sent out within a 48-hour period. Users that visited the link contained in the message would not receive an ecard, but would find their PC infected by the JSEcard Trojan horse, thus exposing it to further threats. Similar campaigns were launched that offered pictures of nude celebrities, YouTube movies, and pop music videos, providing recipients clicked on the malicious link enclosed.

The death of PDF spam?

Having been first identified in June 2007, August saw a dramatic rise in the amount of PDF spam being relayed, only for it to tail away in similarly dramatic fashion shortly after. In early August SophosLabs identified a new spam message with an attached PDF file, urging internet users to purchase shares in a company called Prime Time Group Inc. The spike in spam was so significant that it resulted in the amount of spam seen by Sophos's global traps rising by 30 percent in 24 hours.

However, just weeks later, levels of PDF spam had dropped to virtually zero - evidence that the new tactic had not been entirely successful in its attempts to encourage investment. Sophos experts note that PDF spam is not an immediate way of communicating with an audience, particularly when compared to a marketing message within an email client's preview pane, which may account for why it did not resonate with recipients.

Spam relayed by continent

The massive rise in the US's relaying caused North America to overtake Asia and Europe to become the biggest spam-relaying continent during Q3 2007. Asia followed close behind, due to the large number of individual Asian nations relaying spam, while Europe managed to reduce its overall figure by 3.7 percent.

The breakdown of spam-relaying by continent is as follows:

Position Continent Percentage
1 North America
2 Asia
3 Europe
4 South America
5 Africa
Others 0.6%

Sophos recommends that computer users ensure they keep their security software up-to-date, as well as using a properly configured firewall and installing the latest operating system security patches. Businesses must also look to implement a best practice policy regarding email account usage.