Russia emerges as spam superpower, as Asia and Europe overtake North America

February 11, 2008 Sophos Press Release

IT security and control firm Sophos has published its latest report on the top twelve spam-relaying countries over the final quarter of 2007.

Experts at SophosLabs scanned all spam messages received in the company's global network of spam traps, and have revealed a dramatic rise in the proportion of the world's spam messages being sent from compromised Russian computers. The country has stormed into second place, accounting for 8.3% of the world's spam, or one in twelve junk mails seen in inboxes. Russia's rise is echoed in Sophos's research into which continents make the greatest contribution to the spam problem - with Asia and Europe overtaking North America.

Between October and December 2007, the USA relayed far more spam than any other country - testament to the sheer number of computers in the country that have been taken over by remote hackers. Representing the lion's share of total spam traffic, the United States' 21 percent slice means that more than one in five of all the world's spam emails was being sent through compromised American computers.

The top twelve spam-relaying countries are as follows:

Position Country Percentage
1 United States
2 Russia
3 China (inc. Hong Kong)
4 Brazil
5 S Korea
6 Turkey
7 Italy
8 Poland
9 Germany
10= Spain
10= Mexico
12 United Kingdom
Others 35.7%

"Responsible for a third of all unwanted email, USA and Russia can be viewed as the two dirty men of the spam generation, polluting email traffic with unwanted and potentially malicious messages," said Carole Theriault, senior security consultant at Sophos. "It's not the case that a third of the world's spammers are based in those countries, but that legions of computers are poorly defended, allowing hackers to break in and turn them into botnets for the spreading of spam and malware."

Spam by continent

Sophos's breakdown of spam relaying by continent is as follows:

Position Continent Percentage
1 Asia
2 Europe
3 North America
4 South America
5 Africa
Others 0.7%

Falling from first to third place, North America has managed to reduce the proportion of spam it is relaying from 32.3 percent to 26.5 percent, and has been overtaken by Asia at the top of the chart, and Europe in second place.

"Financially-motivated criminals are controlling huge proportions of compromised zombie machines to launch these spam campaigns. This is big business for cybercriminals, so the authorities have the daunting task of educating users about the dangers of clicking on links or attachments in spam mails, while also making sure that service providers help in identifying compromised computers," continued Theriault. "This is a worldwide issue, affecting everyone who owns a computer. Businesses and computer users must take a more proactive approach to spam filtering and IT security in order to avoid adding to the problem."

MP3 pump-and-dump spam

Using spam to artificially inflate the price of stock is an ongoing spam trend, but October 2007 saw one of the most bizarre schemes ever, when a pump-and-dump campaign used MP3 files in an attempt to manipulate share prices. In an effort to bypass spam filters, cybercriminals sent out their messages with supposed music files from stars such as Elvis Presley, Fergie and Carrie Underwood attached. The files actually contained a monotone voice encouraging people to buy shares in a little-known company.

"Some may have thought Elvis had returned from the grave when they received these spam emails, but they were designed to trick armchair investors into making unwise investments," explained Theriault. "Spammers will go to extraordinary lengths to try and ensure that their marketing messages reach their intended pool of victims."

Last month Sophos published its annual Security Threat Report, which discussed the ways in which financially-motivated cybercriminals use compromised computers to relay their spam messages around the world.

Sophos recommends that computer users ensure they keep their security software up-to-date, as well as using a properly configured firewall and installing the latest operating system security patches. Businesses must also look to implement a best practice policy regarding email account usage.