Information Security Today Home

New Books

Profiling Hackers: The Science of Criminal Profiling as Applied to the World of Hacking
Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet
Insider Computer Fraud: An In-depth Framework for Detecting and Defending against Insider IT Attacks
Mechanics of User Identification and Authentication: Fundamentals of Identity Management
Practical Hacking Techniques and Countermeasures

Latest "Dirty Dozen" Spam Report

IT security and control firm Sophos published its report on the latest trends in spam, and revealed the top twelve spam-relaying countries for the final quarter of 2008. The investigation reveals that, five years after Bill Gates predicted spam would be eradicated, it remains a major problem for computer users as spammers veer away from traditional techniques and get creative, with no end in sight.

On January 24, 2004 at the World Economic Forum in Davos, Switzerland, Bill Gates declared that spam would be ‘a thing of the past’ within two years. However, with the prophecy’s five-year anniversary approaching, experts at SophosLabs have revealed that the latest figures for Q4 2008 indicate that spam is still causing problems for computer users and assuming more guises than ever before. Furthermore, more spam is malicious and often designed to infect users’ computers via sophisticated malware attachments or a link to malicious or infected websites, in order to steal sensitive information.

"The rumors of spam’s death have been greatly exaggerated over the years; the threat remains alive and kicking despite increased legal action against spammers, the occasional takedown of Internet companies which assist the cybercriminals, and constantly improving anti-spam software," said Graham Cluley, senior technology consultant at Sophos. "Many IT professionals cast doubt on Bill Gates’ assertion back in 2004, deeming the timeframe of his pledge to be unrealistic. Although the latest stats show that the proportion of spam relayed per country may have decreased year-on-year, spammers have turned to more creative--not to mention devious--methods to ensure their messages reach as many unsuspecting computer users as possible."

New Avenues of Spam Attack
Cybercriminals have shown an increased attraction to social networking sites like Facebook and Twitter during this last quarter, indicating that spammers are successfully adapting their methods to suit the current environment. These sites have become part of many computer users’ daily routine, whether it’s logging on to see what their friends are up to, viewing photos, or updating their status, masses of personal information are updated every minute. Such frequent use makes social networking sites a prime target for spammers and malware authors who typically attempt to break into innocent users’ accounts and take advantage of trusted social networks to send spam and malware.

For example, in November, Sophos reported that Facebook had won an $873 million judgment against a Canadian man who bombarded millions of Facebook members with unsolicited spam messages. The spammer tricked users into revealing their passwords and usernames, and then used the information to gain access to their personal profiles. Facebook claimed that the man then sent out more than four million messages promoting products from marijuana to sexual enhancement drugs.

"Spammers really took to using sites like Facebook and Twitter as a vehicle for their spam antics during the last three months of 2008," continued Cluley. "Cybercriminals have cottoned onto the fact that social networking users can be more easily fooled into clicking on a link that appears to have come from a trusted Facebook friend, than if it arrived as an unsolicited email in their inbox. The notorious Nigerian 419 scammers have even evolved, masquerading as Facebook friends in order to trick unwary users into parting with valuable sensitive and financial information. Ultimately, while users are still falling for these scams, the fraudsters will continue. And while the authorities are making great progress, everyone must take steps to ensure they don’t fall victim."

US Retains Its Crown as Spam King
Between October and December 2008, the United States relayed most of the world’s unwanted emails. China has leapt back into second place, relaying a larger proportion of spam than it did in 2004, and Russia retains third position. In contrast, other nations like Canada, Japan and France--serial offenders five years ago--appear to have made progress and are no longer present in the list of spam reprobates.

"Although there’s no denying that some countries have significantly reduced their contribution to the spam epidemic over the past five years, the United States still holds the crown," said Cluley. "Though its spam contribution has significantly decreased since Bill Gates’ proclamation, falling from almost half of all spam relayed at the end of 2004, to 21.3 percent by the end of 2007, and now resting at 19.8 percent--this shows there’s certainly no quick fix."

Sophos identified the top twelve countries responsible for relaying spam across the globe between October and December 2008:

 1. United States19.8%
 2. China (incl. HK)9.9%
 3. Russia6.4%
 4. Brazil6.3%
 5. Turkey4.4%
 6. South Korea4.1%
 7. India3.6%
 8. Italy3.0%
 9. Spain2.9%
10. United Kingdom2.7%
11. Germany2.4%
12. Argentina2.1%

Spam Relayed by Continent, October-December 2008br> Asia continues to deliver over one third of all spam, and when combined with Europe, the two continents relay almost two thirds of the world’s unwanted emails.

1. Asia37.8%
2. North America23.6%
3. Europe23.4%
4. South America12.9%
5. Africa1.4%

Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at their email and web gateways to defend against viruses and spam.

About Sophos
Sophos provides solutions that enable enterprises all over the world to secure and control their IT infrastructure. Sophos’s network access control and endpoint solutions simplify security to provide an integrated defense against malware, spyware, intrusions, unwanted applications and policy abuse. Sophos complements these solutions with innovative email and web security products that filter traffic for security threats, spam and policy infringements. With over 20 years of experience, Sophos’s reliably engineered security solutions and services protect more than 100 million users in over 140 countries. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Subscribe to
Information Security Today

Powered by VerticalResponse

© Copyright 2008 Auerbach Publications