Sophos reveals dirty dozen spam-relaying nations for Q3 2008

IT security and control firm Sophos has released the results of its investigation into the latest spam trends and revealed the top 12 spam-relaying countries for the third quarter of 2008. The figures show an alarming rise in the proportion of spam e-mails sent with malicious attachments between July and September 2008, as well as an increase in spam attacks using social engineering techniques to snare unsuspecting computer users.

Sophos's latest report reveals that one in every 416 e-mail messages between July and September contained a dangerous attachment, designed to infect the recipient's computer - a staggering eight-fold rise compared to the previous quarter where the figure stood at only one in every 3 333 e-mails.

Sophos has identified that much of this increase can be attributed to several large-scale malware attacks made by spammers during the period. The worst single attack was the Agent-HNY Trojan horse which was disguised as the Penguin Panic arcade game for Apple iPhones. Other major incidents included the EncPk-CZ Trojan which pretended to be a Microsoft security patch, and the Invo-Zip malware, which masqueraded as a notice of a failed parcel delivery from firms such as UPS.

Windows users opening any of these attachments exposed their PCs to the risk of infection and potentially put their identity and finances at risk. The most widespread attacks seen by Sophos are not designed to run on Unix and Mac OS X.

"For Apple Mac and Unix users, these major spam attacks just mean a clogged-up inbox, not an infected operating system. But organised criminals are however causing havoc for Windows users in the hunt for hard cash," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa. "Too many people are clicking without thinking and exposing themselves to hackers who are intent on gaining access to confidential information and raiding bank accounts. The advice is simple: never open unsolicited attachments, however tempting they may appear."

As well as using malicious e-mail attachments, cybercriminals have continued to embed malicious links and spam out creative and timely attacks designed to prey on users' curiosity.

For example, in August, Sophos warned of a widespread wave of spam messages claiming to be breaking news alerts from MSNBC and CNN. Each e-mail encouraged users to click on a link to read the news story, but instead, took unsuspecting users to a malicious Web page which infected Windows PCs with the Mal/EncPk-DA Trojan horse.

"Many users are fooled by a spam e-mail that appears to come from a trusted source, and end up clicking through to a malicious Web page," says Myroff. “In the past, hackers were teenage mischief-makers; today they are criminals with no qualms about breaking into your home and stealing everything they can get their hands on."

Spammers have proven themselves to be unafraid of trying new methods of distributing their marketing messages and spreading their malware to an undefended public during the last three months. Sophos has seen an escalation in the amount of spam being sent via social networking Web sites such as Facebook and Twitter, and expects to see this continue to rise.

This quarter's report has seen three new entries to the spam hall of shame -Colombia and Thailand have assumed eleventh and twelfth place respectively, while India has shot straight into the chart at number seven.

"Unsecured computers can be easily hijacked remotely and joined to sprawling

networks of botnets designed to create chaos by sending floods of spam and carrying out denial-of-service attacks," explains Myroff. “By not properly defending a PC, users are not only putting their own data, finances, and identity at risk, but also endangering other Internet users."

Sophos identified the top 12 countries responsible for relaying spam across the globe between July and September 2008:

1. United States 18.9%
2. Russia 8.3%
3. Turkey 8.2%
4. China (including Hong Kong) 5.4%
5. Brazil 4.5%
6. South Korea 3.8%
7. India 3.5%
8. Argentina 2.9%
9. Italy 2.8%
10. United Kingdom 2.7%
11. Colombia 2.5%
12. Thailand 2.4%
Other 34.3%

Other countries

14 Germany 2.27%
15 Spain 2.17%
17 France 1.74%
22 Canada 1.18%
29 Japan 0.65%
31 Netherlands 0.60%
32 Australia 0.56%
41 Switzerland 0.29%
42 Singapore 0.29%
48 Ireland 0.23%
49 Austria 0.22%
54 South Africa 0.17%
64 New Zealand 0.11%
67 Belgium 0.10%
95 Luxembourg 0.03%

Whilst the United States retains its position as the top relayer of spam, Russia has increased its contribution to the world spam problem, soaring from 4.4% last year, to 8.3% during this time period.

1. Asia 39.8%
2. Europe 23.9%
3. North America 21.8%
4. South America 13.2%
5. Africa 1.0%
Other 0.3%

According to Sophos researchers, there is no sign that recent legal action by the authorities against major spam gangs have had any perceptible impact on the amount of spam in circulation.

Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at their e-mail and Web gateways to defend against viruses and spam.