by CIO Staff

U.S. Tops List of Spam-Relaying Countries in Q3 2006

Nov 10, 2006 | 5 mins

Sophos has published a report on the top 12 spam-relaying countries during the third quarter of 2006.

SophosLabs scanned all spam messages received in the company’s global network of spam traps, and has revealed that the United States struggles to significantly reduce its level of relayed spam, with more than a fifth (21.6 percent) of the world’s spam originating from there.

Sophos believes that a possible reason for America’s increasing lead in relayed spam when compared to its closest rival, China, is the emergence of more than 300 strains of the mass-spammed Stratio worm. The worm, also known as Stration or Warezov, uses a trick dependent on the victim being able to speak English in its attempt to convert innocent PCs into members of a spam botnet.

The top 12 spam-relaying countries are as follows:

July to September 2006

1. United States: 21.6 percent

2. China (inc. Hong Kong): 13.4 percent

3. France: 6.3 percent

3. South Korea: 6.3 percent

5. Spain: 5.8 percent

6. Poland: 4.8 percent

7. Brazil: 4.7 percent

8. Italy: 4.3 percent

9. Germany: 3 percent

10. Taiwan: 2 percent

11. Israel: 1.8 percent

12. Japan: 1.7 percent

Others: 24.3 percent

Most unsolicited e-mails are now sent from zombie PCs—computers infected with Trojans, worms and viruses that turn them into spam-spewing bots, says Brett Myroff, CEO of master Sophos distributor NetXactics. “In the past, hackers relied on operating system vulnerabilities to convert innocent computers into zombies. Now, they are turning back to malware to trick users into running their malicious code, and opening the back door to hackers.” Hundreds of new versions of the Stratio worm have helped steadily increase the volume of spam seen traveling across the Net.

Elsewhere, China has managed to decrease the proportion of spam it relays by 6.6 percent since the last quarter. The United Kingdom has successfully dropped out of the chart altogether and is currently in 13th position, while Israel has entered for the first time, taking 11th place. The third quarter has also seen spammers deploy new tricks to try and fool both users and antispam software.

The use of spam containing embedded images continued to rise in the quarter, and currently accounts for nearly 40 percent of all spam, the vast majority being used by pump-and-dump stock spam campaigns. This trick gives spammers a better chance of having their messages read, since images can avoid detection by those antispam filters that can only analyze textual content. Often, image spam is animated to further help the message bypass the filter. Having multiple layers of images loaded on top of each other adds “noise,” which complicates the message by making every one unique.

In another pump-and-dump spam twist, criminals are spamming companies with e-mail messages that offer to boost their stock price in return for payment. This could not only enable spammers to boost the value of their own share portfolio, but also see them get paid by the businesses that they are helping to cheat the stock market.

Sophos has also identified new tricks being used to harvest e-mail addresses for spam purposes. The first asks recipients to forward their chain e-mails for a fake research project, while another campaign encourages users to visit a video tribute website, which then requests their e-mail address in order to view the full video.

“Integrated antimalware and antispam protection is getting the better of illegal spam peddlers, forcing them to get more creative and crooked. However, if people are playing their security cards right, the spammers’ efforts will still be in vain,” says Myroff. Despite hefty fines and sentences being dealt out to guilty spammers around the world, those behind these intrusive e-mails continue to take their chances.

The third quarter of 2006 has seen some high-profile legal action being taken against spammers. In September, the Australian Communications Authority (ACMA) launched an investigation into the activities of a man suspected of sending more than 2 billion “Viagra spam” e-mails, while in the United States, action is being taken against two companies accused of sending unsolicited e-mails about gambling and alcoholic drinks to children.

Also in the United States, William Bailey Jr. of North Carolina faces a maximum sentence of 55 years in jail and US$2.75 million in fines if found guilty of illegally downloading contact details of 80,000 members of the American College of Physicians.

Asia continues to be the largest source of spam, although the proportion of spam it relays decreased by 6.1 percent since the second quarter of 2006. Europe is currently in second position, but is closing the gap, having increased the share of spam it produces by 4.8 percent in the last quarter.

The breakdown of spam relayed by continent is as follows:

July to September 2006

1. Asia: 34.1 percent

2. Europe: 31.9 percent

3. North America: 24.2 percent

4. South America: 8.3 percent

5. Africa: 1 percent

6. Australasia: 0.5 percent

Sophos recommends that computer users ensure that they keep their security software up to date, as well as use a properly configured firewall and install the latest operating system security patches. Businesses must also look to implement a best practice policy regarding e-mail account usage.

-Computing SA staff, Computing South Africa
