USA to blame for one in six spam emails, Sophos reports

July 20, 2009 Sophos Press Release

IT security and data protection firm Sophos has published its report on the latest trends in spam, revealing the top twelve spam-relaying countries for the second quarter of 2009. By scanning all spam messages caught in SophosLabs' global network of spam traps, researchers have identified the top 'Dirty Dozen' spam relaying nations between April and June this year.

During the second quarter of 2009, the USA continued to relay more spam than any other country - the nation's 15.6 percent contribution to global spam traffic meaning that one in six junk emails were sent through compromised computers in the country. In contrast, Russia, a former spam super-power, continues to fall down the ranks.

Russia currently resides at ninth position in the chart, relaying a mere 3.2 percent of spam messages. This represents a significant reduction compared to the same time last year when the country came second only to the United States and was responsible for relaying 7.5 percent of all spam emails.

Poland has seen the biggest single increase in spam output since the last quarter, moving up from tenth to sixth place in this global 'hall of shame', with the country now responsible for relaying 4.2 percent of all the world's electronic junk messages. Colombia is the only nation to have left the 'Dirty Dozen' since Q1 2009, with Vietnam a new entry this quarter.

The top twelve countries responsible for relaying spam across the globe between April and June 2009 are as follows: Spam relayed by country

"Barack Obama's recent speech on cybersecurity emphasised the threat posed by overseas criminals and enemy states, but these figures prove that there is a significant problem in his own back yard. If America could clean up its compromised PCs it would be a considerable benefit to everyone around the world who uses the net," said Graham Cluley, senior technology consultant for Sophos. "All web users need to properly defend their computers from attack, and pledge to never act upon spam messages."

Spammers exploiting new vectors of attack

Over the past year, the booming popularity of social networking - in particular, micro-blogging service Twitter - has driven growth in services such as TinyURL, and The services are used to create conveniently shortened links that re-direct to web pages with lengthier URLs. This is being exploited by hackers that will use the services to obscure links to offensive material or malicious websites, and then distribute the links in spam emails, as well as posting them on Twitter and other networks.

Earlier this year, link-shortening service Cligs was attacked by hackers, who redirected links created with the service to a single site of their choice - demonstrating how unsuspecting web users can find themselves visiting unexpected websites when clicking on shortened links. As social networking and related online services continue to grow in popularity, Sophos experts note that poorly protected computer users could become more vulnerable to a wider range of spam attacks.

"Clearly the problem isn't going away, as is illustrated by the large number of sprawling spam campaigns we see on a daily basis," continued Cluley. "Although it may seem encouraging to see reductions in the volume of spam that certain countries are contributing, authorities, ISPs and home users across the world need to be doing more to crack down on the spam problem."

Spam relayed by continent, April - June 2009

Overall by continent, Asia continues to be the biggest offender. Almost a third of spam message originated in the region for the second quarter of 2009, with the nations of South Korea and China being the biggest contributors.

Spam relayed by continent

Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at their email and web gateways to defend against viruses and spam.