US ranked number one for relaying spam, Sophos reports

Sophos Press Release

One in five messages sent from US during Q3 2010; one in 20 from UK

IT security and control firm Sophos has published the latest report into the 'Dirty Dozen' spam-relaying countries, covering the third quarter of 2010. Since the second quarter this year, the spam output from the United States has increased significantly from 15.2% to 18.6% of global spam, making the country responsible for nearly one in five junk emails, and meaning that the USA contributes nearly 2.5 times more spam than the next worse offender, India.

The UK finds itself dropping one position since the previous quarter - from fourth to fifth place - and is now responsible for relaying 5% of all spam this quarter.

The top twelve spam relaying countries for July - September 2010

1. USA18.6%
2. India7.6%
3. Brazil5.7%
4. France5.4%
5. UK5.0%
6. Germany3.4%
7= Russia3.0%
7= S Korea3.0%
9. Vietnam2.9%
10. Italy2.8%
11. Romania2.3%
12. Spain1.8%

Top spam-relaying continents, July - September 2010

1. Europe33.1%
2. Asia30.0%
3. N America22.3%
4. S America11.5%
5. Africa2.3%

Almost all of this spam comes from malware-infected computers (known as bots or zombies) that are being controlled by 'botherder' cybercriminals. One of the primary tactics used by cybercriminals to grow botnets involves tricking computer users into clicking malicious links - either contained in spam email or social networking messages - which direct computers to malware infected webpages.

"Spam isn't just a nuisance, it's used by cybercriminals as a means of growing their operations," said Graham Cluley, senior technology consultant at Sophos. "You should never even be tempted to open a spam message out of curiosity, as it can only take a second to effectively hand over control of your computer to the spammers. If your computer does become part of a botnet, you're also inviting further malware infections, which may compromise your personal or banking details."

Sophos also notes a rise in social networking spam during Q3 2010, with the widely reported 'onMouseOver' exploit creating spam tweets on Twitter, and a raft of Facebook scams that have been created by spammers to generate money from survey websites.

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

"What's interesting about the Facebook scams is that they exploit human weaknesses to spread - tricking users into filling in a questionnaire if they want to see a shocking picture or video that may not even exist," added Cluley. "Unfortunately, these scams continue to proliferate, with new ones springing up every day, and Facebook seemingly unable to kill them off permanently."

Messages posted on Facebook

One Facebook spammer has, however, recently been fined for using the social network to promote the sale of drugs. Canadian Adam Guerbuez was fined US $100 for every one of the 4,366,386 spam posts he made, resulting in total fine of US $873.3 million.

Guerbuez was able to spam from Facebook users' accounts after phishing their login details.

"Always take care over where you enter your login credentials - be aware that you might be on a bogus website that has been created purely for the purposes of grabbing your username and password, and for those details to then be used to send spam to others," explained Cluley.

The best way for computer users to reduce the risk of being compromised is to run anti-spam and anti-malware protection, behave sensibly when online, and ensure systems are up-to-date with security patches.

Sophos recommends that companies automatically update their corporate virus protection, and run a consolidated solution at their email and web gateways to defend against spam and viruses.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at