Sophos reveals latest 'dirty dozen' spam relaying countries

Sophos, a world leader in IT security, has published its latest report on the top 12 spam relaying countries over the third quarter of 2006.

Experts at SophosLabs scanned all spam messages received in the company's global network of spam traps, and have revealed that the US struggles to significantly reduce its level of relayed spam, with more than a fifth (21.6%) of the world's spam originating from there.

Sophos experts believe that a possible reason for America's increasing lead in relayed spam when compared to its closest rival, China, is the emergence of over 300 strains of the mass-spammed Stratio worm.

The worm, also known as Stration or Warezov, uses a trick dependent on the victim being able to speak English in its attempt to convert innocent PCs into members of a spam botnet.

The top 12 spam relaying countries are as follows:

July to September 2006

1. United States 21.6%
2. China (including Hong Kong) 13.4%
3. France 6.3%
4. South Korea 6.3%
5. Spain 5.8%
6. Poland 4.8%
7. Brazil 4.7%
8. Italy 4.3%
9. Germany 3%
10. Taiwan 2%
11. Israel 1.8% (new entry)
12. Japan 1.7%
Others 24.3%

Most unsolicited e-mails are now sent from zombie PCs - computers infected with Trojans, worms and viruses that turn them into spam-spewing bots, says Brett Myroff, CEO of master Sophos distributor, NetXactics.

"In the past, hackers relied on operating system vulnerabilities to convert innocent computers into zombies. Now, they are turning back to malware to trick users into running their malicious code, and opening the backdoor to hackers."

Hundreds of new versions of the Stratio worm have helped steadily increase the volume of spam seen travelling across the Net.

Elsewhere in the chart, China has managed to decrease the proportion of spam it relays by 6.6% since last quarter. The UK has successfully dropped out of the chart altogether and is currently in 13th position, while Israel has entered for the first time, taking 11th place. Q3 has also seen spammers deploy new tricks to try and fool both users and anti-spam software.

The use of spam containing embedded images continued to rise in Q3, and currently accounts for nearly 40% of all spam, the vast majority being used by pump-and-dump stock spam campaigns. This trick gives spammers a better chance of having their messages read, since images can avoid detection by those anti-spam filters that can only analyse textual content. Often, image spam is animated to further help the message bypass the filter. Having multiple layers of images loaded on top of each other adds "noise", which complicates the message by making every one unique.

In another pump-and-dump spam twist, criminals are also spamming companies with e-mail messages that offer to boost their stock price in return for payment. This could not only enable spammers to boost the value of their own share portfolio, but also see them get paid by the businesses they are helping to cheat the stock market.

Sophos has also identified new tricks being used to harvest e-mail addresses for spam purposes. The first asks recipients to forward their chain e-mails for a fake research project, while another campaign encourages users to visit a video tribute Web site, which then requests their e-mail address in order to view the full video.

"Integrated anti-malware and anti-spam protection is getting the better of illegal spam peddlers - forcing them to get more creative and crooked. However, if people are playing their security cards right, the spammers' efforts will still be in vain," says Myroff.

Despite hefty fines and sentences being dealt out to guilty spammers around the world, those behind these intrusive e-mails continue to take their chances.

Q3 of 2006 has seen some high profile legal action being taken against spammers. In September, the Australian Communications Authority (ACMA) launched an investigation into the activities of a man suspected of sending more than two billion 'Viagra spam' e-mails, while in the US, action is being taken against two companies accused of sending unsolicited e-mails about gambling and alcoholic drinks to children.

Also in the US, William Bailey Jr of North Carolina faces a maximum sentence of 55 years in jail and $2 750 000 in fines if found guilty of illegally downloading contact details of 80 000 members of the America College of Physicians.

Asia continues to be the largest source of spam, although the proportion of spam it relays decreased by 6.1% since Q2 2006. Europe is currently in second position, but is closing the gap having increased the share of spam it produces by 4.8% in the last quarter.

The breakdown of spam relayed by continent is as follows:

July to September 2006

1. Asia 34.1%
2. Europe 31.9%
3. North America 24.2%
4. South America 8.3%
5. Africa 1%
6. Australasia 0.5%

Sophos recommends that computer users ensure they keep their security software up-to-date, as well as using a properly configured firewall and installing the latest operating system security patches. Businesses must also look to implement a best practice policy regarding e-mail account usage.

For more information on 'Best practice advice for minimising exposure to spam', please visit: www.sophos.com/security/best-practice/.

An image showing the levels of image spam during Q3 2006 can be found at www.sophos.com/xxx.