Sophos reveals spam 'Dirty Dozen'

Johannesburg, 18 Apr 2008

Despite strict laws and some high-profile prosecutions, the US remains the world's leading generator of spam.

IT security firm Sophos says America generated 15% of the spam recorded around the world in the first quarter of this year. The company also confirms that 92.3% of all e-mail sent during the first three months of this year was spam.

"In addition, during this period, Sophos found 23 300 new spam-related Web pages every day, or one about every three seconds," says Sophos SA CEO Brett Myroff. He adds that Russia took second place, while Turkey came in at number three.

"Compromised computers in Turkey are now responsible for relaying 5.9% of the world's spam, compared to 3.8% in the final quarter of 2007," he says.

A look at Sophos' statistics shows both the US and Russia managed to reduce their contribution to the world spam glut compared to the last three months of 2007.

Even so, the number of spam messages sent from compromised Russian computers has more than doubled compared to last year. In the first quarter of 2007, Russia was in 10th position on the Sophos spam chart, relaying just 3% of the world's spam. Today, this figure stands at 7.4%.

The top 12 spam-relaying countries are as follows:

1. US (15.4%)
2. Russia (7.4%)
3. Turkey (5.9%)
4. China, including Hong Kong (5.5%)
5. Brazil (4.3%)
6. South Korea (4%)
7. Poland (3.8%)
8. Italy (3.6%)
9. Germany (3.4%)
9. UK (3.4%)
11. Spain (3.3%)
12. France (3.2%)
Other (36.8%)

Sophos experts note the rate at which new spam-related Web pages are being created is particularly worrying. By inserting Web links into their messages, spammers are hoping to avoid less sophisticated filters and trick unwary computer users into visiting the Web page and subsequently infecting their PCs.

"The spam plague is likely to continue as long as spammers can still make money from these nasty ruses," Myroff says. "Businesses must wise-up to this threat and recognise the importance of quarantining spam messages before they are delivered to the unsuspecting user.

"If the right security measures are put in place, businesses can not only save time and money, but can also protect their users from wider, malicious Web-based threats, which commonly originate as spam e-mails with links to infected sites," he says.

"If users do not make a conscious effort to improve their computer security, as well as keeping it up-to-date, then they may as well hand their machines over to the hackers for use as malware-spreading botnets," says Myroff.