2009 Security threat report: Spam

Spam still popular

Spam remains a significant problem for business, with Sophos research revealing that an incredible 97 percent of all business email is spam. Sophos receives millions of new messages every day from its global network of spam traps.

Spam by country

Spam was sent from 240 countries in 2008. The US has decreased its contribution to the spam problem, relaying 17.5 percent of all spam compared to 22.5 percent in 2007. However, it still has much work to do to tackle the problem.

Top 12 spam relaying countries for 2008:
US 17.5%
Russia 7.8%
Turkey 6.9%
China (inc HK) 6.0%
Brazil 4.4%
South Korea 3.7%
Italy 3.3%
UK 3.1%
Poland 3.0%
India 2.9%
Spain 2.8%
Germany 2.7%
Other 35.9%

The US then is still responsible for most of the world’s unwanted emails – some of which will have malware attached, or link to malicious or infected websites. Most of this spam will come from unwitting home users, whose computers are part of a botnet.

However, the botnet problem is truly global. It is clear that more computers require up-to-date anti-virus protection and the latest security patches, and that the general public needs to be better educated about how to avoid putting their personal data and computers at risk.

Are you a spammer?

Virtually all spam comes from compromised computers (called “bots” or “zombies”) that have been successfully attacked and now, unbeknown to their owners, are sending out large volumes of spam, launching distributed denial-of-service attacks, or stealing confidential information.

Having up-to-date anti-virus protection, installing and running a firewall, and ensuring that all security patches are in place for both the operating system and any installed applications will significantly lower the likelihood of being compromised.

Sophos ZombieAlert™ Service32 identifies business computers that have been hijacked and which are sending out emails on behalf of the spammers.

Spam by continent

Asia delivers more than one-third of all spam, and when combined with Europe accounts for almost two-thirds of the world’s unwanted emails.

Spam relayed by continent in 2008:
Asia 36.6%
Europe 27.1%
North America 20.7%
South America 13.4%
Africa 1.1%
Oceania 0.7%
Unclassified 0.4%

Blog spam

Spam is not just sent via email. Increasingly, internet blogs, which invite visitors to leave comments are also used, typically by automated bots that hunt for vulnerable pages.

It is estimated that over 85 percent of all submitted blog comments are in fact spam33, although many blogs use free tools to try to filter it out before publication.

Spam and social networks

Spammers proved themselves to be unafraid of trying new methods of distributing their marketing messages and malware during 2008. Social networking websites, such as Facebook and Twitter, have increasingly popular with them.

Typically, hackers steal members’ usernames and passwords and then bombard the victims’ friends and family with thinly disguised marketing messages, directing them to third-party
webpages.

An interesting trend has also emerged in exploiting social networks. Conmen are breaking into innocent Facebook accounts to pose as an individual. They then spam out messages to that person’s friends claiming that while holidaying in a foreign city, they have been mugged and lost
their wallet and return airline ticket. They then ask for funds to be wired to them via Western Union34.

Computer users who would normally be suspicious of similar emails arriving in their regular inbox, may be more susceptible when they are communicated via Facebook from a contact they believe to be a friend. Scammers can exploit the network further by having an ongoing conversation with their intended victim, using information from the compromised account. For instance, if the owner of the hacked account has told his Facebook friends via a status message that he is traveling to a particular country, it makes the story of the mugging all the more believable.

Internet users need to become more sceptical and cynical about such messages if they are going to avoid such confidence tricks in the future.

In November 2008, Facebook was awarded US $873 million in a court judgement against a Montreal-based spammer who was said to have sent more than four million messages to its users via compromised accounts35. Sophos has seen an escalation in the amount of spam being sent via social networking websites and expects to see this continue to rise.

Other trends in spam

“Newsletter” spam is proving a popular method of delivery, with spammers copying the templates and design of legitimate email newsletters. Hackers also use webmail accounts like Gmail, Hotmail and Yahoo to spew spam to the world, having broken the CAPTCHA (completely automated procedure for telling computer and humans apart) system.

Sophos.com