U.S. takes title as top spam-relaying nation in Q2
The good effects of CAN-SPAM appear to be diminishing
Computing South Africa - Sophos has published a report on the top 12 spam-relaying countries over the second quarter of 2006.
Experts at SophosLabs scanned all spam messages received in the company's global network of spam traps, revealing that for the first time in more than two years, the U.S. has failed to make inroads into its spam-relaying problem. The U.S. remains stuck at the top of the chart and is the source of 23.2% of the world's spam. Its closest rivals are China and South Korea, although both of these nations have managed to reduce their statistics since Q1 2006.
The vast majority of this spam is relayed by "zombies," also known as botnet computers, hijacked by Trojan horses, worms and viruses under the control of hackers.
The top 12 spam-relaying countries between April and June 2006 are as follows:
- U.S. -- 23.2%
- China (including Hong Kong) -- 20%
- South Korea -- 7.5%
- France -- 5.2%
- Spain -- 4.8%
- Poland -- 3.6%
- Brazil -- 3.1%
- Italy -- 3%
- Germany -- 2.5%
- U.K. -- 1.8%
- Taiwan -- 1.7%
- Japan -- 1.6%
Others -- 22%
Sophos noted that spam is even being relayed from the Vatican and Antarctica.
Since the introduction of the CAN-SPAM legislation in 2004, there has been a regular quarter-on-quarter drop in the proportion of spam coming from the U.S. -- until now.
"It is difficult to criticize the U.S. for failing to take action, given the number of arrests and the huge fines for guilty spammers. The likely reality is that these statistics will not drop unless U.S. home users take action to secure their computers and put a halt to the zombie PC problem," said Brett Myroff, CEO of master Sophos distributor NetXactics.
Even though Russia does not feature in the dirty dozen of spam-relaying countries, Sophos has uncovered evidence that Russian spammers may be controlling vast networks of zombie PCs. Sophos recently discovered a Russian spamming price list, which showed that $500 would purchase e-mail distribution to 11 million Russian e-mail addresses. On top of this, companies could buy distribution to 1 million addresses in any country they wanted for just $50.
One key development in 2006 so far has been the increase in spam containing embedded images, which has risen sharply from 18.2% in January to 35.9% in June. By using images instead of text, messages are able to avoid detection by some antispam filters that rely on the analysis of textual spam content.
Sophos estimates that 15% of all spam e-mails are now pump-and-dump scams, compared to just 0.8% in January 2005. These scams are e-mail campaigns designed to boost the value of a company's stock in order for spammers to make a quick profit. Many of these spam messages contain images rather than traditional text.
"It is always a concern to see so many pump-and-dump e-mails, particularly as the people acting on these e-mails are not skilled investors. They do not realize that purchasing the shares will not reap any rewards, and benefits only the spammers, while creating a financial roller coaster for the organization in question," says Myroff.
Sophos recommends that computer users ensure that they keep their security software up to date, as well as using a properly configured firewall and installing the latest operating system security patches. Businesses must also look to implement a best-practice policy regarding e-mail account usage.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts