Social networking sites and mobile phones used to spread spam, reports Sophos

IT security and control firm Sophos has published its report on the latest trends in spam, and revealed the top 12 spam-relaying countries for the second quarter of 2008.

The investigation reveals a disturbing rise in the level of e-mail spam travelling across the Internet between April-June 2008, and how some spammers are now using Facebook and mobile phones to spread their messages.

By June 2008, research reveals that the level of spam had risen to 96.5% of all business e-mail. Having risen from a figure of 92.3% in the first three months of the year, corporations are now facing the fact that only one in 28 e-mails is legitimate.

"It's going to be hard to do business unless companies have an effective anti-spam defence in place. Otherwise, the amount of junk mail will be swamping legitimate correspondence from customers and suppliers," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.

"Some spam is also not just a nuisance, but malicious in its intent - trying to get you to click on an attached Trojan horse or lead you to a dangerous Web site. Organisations need a consolidated anti-spam and anti-malware solution at their gateway, updated around the clock to neutralise the latest Internet attacks."

E-mail spam is almost always sent from innocent third party computers which have been hijacked by hackers. These botnet computers are owned by innocent parties, who are unaware that cyber-criminals are using them for financial gain. Typically they are home users who have not been properly protected with up-to-date anti-virus software, firewalls and security patches.

Sophos has identified the top 12 countries responsible for relaying spam across the globe:

April to June 2008

1. United States (14.9%)
2. Russia (7.5%)
3. Turkey (6.8%)
4. China, including HK (5.6%)
5. Brazil (4.5%)
6= Poland (3.6%)
6= Italy (3.6%)
8. South Korea (3.5%)
9= United Kingdom (3.2%)
9= Spain (3.2%)
11. Germany (3%)
12. Argentina (2.9%)
Other 37.7%

Sophos's breakdown of spam-relaying countries by continent is as follows:

April to June 2008:

1. Asia (35.4%)
2. Europe (29.5%)
3. North America (18.2%)
4. South America (14.8%)
5. Africa (1.2%)
Other 0.9%

Between April and June 2008, the computer users of US and Russia retained their first and second places as the top relayers of spam. "Much more needs to be done to raise awareness about computer security. These computers are under the remote control of hackers, which means they can be used not only for sending a tidal wave of spam, but also potentially steal banking details and credit card information for the purposes of identity theft," Myroff says.

Also retaining a place on the leader's podium of shame was Turkey, with a marked increase in spam since the same period last year - rising from ninth place and 2.9% in the second quarter of 2007, to third place and 6.8% this year.

A new addition to the chart this quarter is Argentina, which has knocked France out of the chart to take 12th place, and which is now responsible for relaying 2.9% of the world's spam e-mail.

"Argentina is the fastest growing economy in South America, which means lots more computers are connecting to the Internet. Spammers hijack poorly defended computers wherever they are in the world to join their sprawling botnets. Computers may be becoming more common, but IT security also has to be a top priority."

Sophos has discovered that spammers are increasingly using networking Web sites such as Facebook and LinkedIn to send their unwanted links to online stores and bogus lottery and financial scams.

"Spammers are finding themselves increasingly obstructed by corporate anti-spam defences at the e-mail gateway. To get around this, we are seeing spammers exploiting networks like Facebook to plant spam messages on other people's profiles - these don't just get read by the owner of the profile, but anyone else visiting his or her page," Myroff explains.

A picture of spams planted on a Facebook profile can be found here: http://www.sophos.com/images/common/misc/fbookspam1.gif In May, the LinkedIn business networking system was used by scammers seeking to swindle money from unwary corporate executives. On this occasion, the spammers offered a share of a non-existent $6.5 million inheritance fund, further highlighting the need for users to be vigilant to unsolicited approaches online.

Sophos experts note that the level of Facebook, Bebo and LinkedIn spam is still dwarfed by e-mail spam, but there is a growing trend for spammers to use other techniques to spread their messages.

Another growing method for spammers to spread their messages is via SMS texts sent to mobile phones.

"Spamming a lot of people via text message is an effective way of generating a flash-flood denial-of-service attack against the telephone system of an organisation you don't like," Myroff says. "As mobile operators give away more and more 'free texts per month' as part of their calling-plans, and make available SMS Web gateways that can be exploited by hackers, we may see more spammers using SMS to clog up phone lines."

"Spear phishing", which involves messages that have been personalised to a specific domain or organisation, has become more common in recent months. These e-mails will appear to come from a trusted source, such as a member of IT staff at the same company as the recipient, and ask for personal information or username and password confirmation. Those who reply to these messages will inadvertently be supplying information that the phisher can use for malicious purposes, such as identity fraud. Spear phishers generate the victims' addresses by using special software or using lists of employees found on the networks of social media sites such as Facebook or LinkedIn.

For more information on "Best practice advice for minimising exposure to spam", please visit www.sophos.com/security/best-practice/.