Only One in 28 Emails Legitimate, Sophos Report Reveals Rising Tide of Spam in April – June 2008

Countries

BOSTON–(EMWNews)–IT security and control firm Sophos has published its report on the

latest spam trends, and revealed the top twelve spam-relaying countries

for the second quarter of 2008. SophosLabs™

research reveals a disturbing rise in the level of email spam traveling

across the internet between April – June 2008, and how some spammers are

now using Facebook and mobile phones to spread their messages.

By June 2008, research reveals that the level of spam had risen to 96.5%

of all business email. Having risen from 92.3% in the first three months

of the year, corporations are now facing the fact that only one in 28

emails is legitimate.

“If your company is on the internet, it’s going to be hard for it to do

business unless it has an effective anti-spam defense in place.

Otherwise the amount of junk mail will be swamping legitimate

correspondence from your customers and suppliers,” said Graham Cluley,

senior technology consultant for Sophos. “It should be remembered also

that some spam is not just a nuisance, but malicious in its intent –

trying to get you to click on an attached Trojan horse or lead you to a

dangerous website. Organizations need a consolidated anti-spam and

anti-malware solution at their gateway, updated around the clock to

neutralize the latest internet attacks.”

SPAM RELAYED FROM HIJACKED HOME COMPUTERS

Email spam is almost always sent from innocent third party computers,

which have been hijacked by hackers. These botnet computers are owned by

innocent parties, who are unaware that cybercriminals are using them for

financial gain. Typically they are home users who have not been properly

protected with up-to-date anti-virus software, firewalls and security

patches.

Sophos has identified the top twelve countries responsible for relaying

spam across the globe:

April to June 2008

Sophos’s breakdown of spam-relaying countries by continent is as

follows:

April to June 2008:

“Between April and June 2008, the computer users from the US and Russia

retained their shameful first and second places as the top relayers of

spam,” continued Cluley. “Much more needs to be done to raise awareness

about computer security. These computers are under the remote control of

hackers, which means they can be used not only for sending a tidal wave

of spam, but also potentially steal banking details and credit card

information for the purposes of identity theft.”

Also retaining a place on the leader’s podium

was Turkey, with a marked increase in spam since the same period last

year – rising from ninth place and 2.9 percent in the second quarter of

2007, to third place and 6.8 percent this year.

A new addition to the chart this quarter is Argentina, which has knocked

France out of the chart to take 12th place, and which is now responsible

for relaying 2.9 percent of the world’s spam

email.

“Argentina is the fastest growing economy in South America, which means

lots more computers are connecting to the net,” explained Cluley.

“Spammers hijack poorly defended computers wherever they are in the

world to join their sprawling botnets. Computers may be becoming more

common, but IT security also has to be a top priority.”

SPAM SPREADING VIA NEW AVENUES

Sophos has discovered that spammers are increasingly using networking

websites such as Facebook and LinkedIn to send their unwanted links to

online stores and bogus lottery and financial scams.

“Spammers are finding themselves increasingly obstructed by corporate

anti-spam defenses at the email gateway. In a nutshell – we’re stopping

the bad guys from getting their marketing message in front of their

intended audience,” said Cluley. “To get around this, we are seeing

spammers exploiting networks like Facebook to plant spam messages on

other peoples’ profiles – these don’t just get read by the owner of the

profile, but anyone else visiting his or her page.”

A picture of spams planted on a Facebook profile can be found here:

http://www.sophos.com/images/common/misc/fbookspam1.gif

In May, the LinkedIn business networking system was used by scammers

seeking to swindle money from unwary corporate executives. On this

occasion, the spammers offered a share of a non-existent $6.5 million

inheritance fund, further highlighting the need for users to be vigilant

to unsolicited approaches online.

Sophos experts note that the level of Facebook, Bebo and LinkedIn spam

is still dwarfed by email spam, but there is a growing trend for

spammers to use other techniques to spread their messages.

Another growing method for spammers to spread their messages is via SMS

texts sent to mobile phones.

In April, the switchboard of Dublin Zoo was swamped after at least 5000

people were spammed an SMS text message to their mobile phones telling

them to ring a number urgently and ask for a fictitious person. The

number was that of the main phone line to Dublin Zoo and the fake names

all animal-related (Rory Lion, Anna Conda, C Lion or G Raffe according

to the news reports).

Curiously, zoos in Houston and Brownsville, Texas suffered from similar

attacks in May.

Spamming a lot of people via text message is an effective way of

generating a flash-flood denial-of-service attack against the telephone

system of an organization you don’t like. As mobile operators give away

more and more “free texts per month” as part of their calling-plans, and

make available SMS web gateways that can be exploited by hackers, we may

see more spammers using SMS to clog up phone lines.

SPEAR PHISHING ON THE RISE

“Spear phishing,” which involves messages that have been personalized to

a specific domain or organization, has become more common in recent

months. These emails will appear to come from a trusted source, such as

a member of IT staff at the same company as the recipient, and ask for

personal information or username and password confirmation. Those who

reply to these messages will inadvertently be supplying information that

the phisher can use for malicious purposes, such as identity fraud.

Spear phishers generate the victims’ addresses by using special software

or using lists of employees found on the networks of social media sites

such as Facebook or LinkedIn.

Victims of spear phishing attacks in recent months include: The

University of Waterloo, Oak Ridge National Laboratory, and the

University of Minnesota. Financial institutions are also amongst the

many organizations to have been on the receiving end of this kind of

attack.

For more information on “Best practice advice for minimizing exposure

to spam,” please visit: www.sophos.com/security/best-practice/

Sophos recommends companies automatically update their corporate virus

protection, and run a consolidated solution at their email and web

gateways to defend against viruses and spam.

About Sophos

Sophos enables enterprises worldwide to secure and control their IT

infrastructure. Our network access control, endpoint, web and email

solutions simplify security to provide integrated defenses against

malware, spyware, intrusions, unwanted applications, spam, policy abuse,

data leakage and compliance drift.

With over 20 years of experience, we protect over 100 million users in

nearly 150 countries with our reliably engineered security solutions and

services. Recognized for our high level of customer satisfaction, we

have an enviable history of industry awards, reviews and certifications.

Sophos is headquartered in Boston, MA and Oxford, UK. More information

is available at www.sophos.com.

Major Newsire & Press Release Distribution with Basic Starting at only $19 and Complete OTCBB / Financial Distribution only $89

Get Unlimited Organic Website Traffic to your Website 
TheNFG.com now offers Organic Lead Generation & Traffic Solutions