Only One in 28 Emails Legitimate, Sophos Report Reveals Rising Tide of Spam in April – June 2008
2008-07-15 07:00:00
Social Networking Sites and Mobile Phones Used to Spread Unwanted
Messages, as United States Retains Top Spot in Dirty Dozen Spam-relaying
Countries
BOSTON–(EMWNews)–IT security and control firm Sophos has published its report on the
latest spam trends, and revealed the top twelve spam-relaying countries
for the second quarter of 2008. SophosLabs™
research reveals a disturbing rise in the level of email spam traveling
across the internet between April – June 2008, and how some spammers are
now using Facebook and mobile phones to spread their messages.
By June 2008, research reveals that the level of spam had risen to 96.5%
of all business email. Having risen from 92.3% in the first three months
of the year, corporations are now facing the fact that only one in 28
emails is legitimate.
“If your company is on the internet, it’s going to be hard for it to do
business unless it has an effective anti-spam defense in place.
Otherwise the amount of junk mail will be swamping legitimate
correspondence from your customers and suppliers,” said Graham Cluley,
senior technology consultant for Sophos. “It should be remembered also
that some spam is not just a nuisance, but malicious in its intent –
trying to get you to click on an attached Trojan horse or lead you to a
dangerous website. Organizations need a consolidated anti-spam and
anti-malware solution at their gateway, updated around the clock to
neutralize the latest internet attacks.”
SPAM RELAYED FROM HIJACKED HOME COMPUTERS
Email spam is almost always sent from innocent third party computers,
which have been hijacked by hackers. These botnet computers are owned by
innocent parties, who are unaware that cybercriminals are using them for
financial gain. Typically they are home users who have not been properly
protected with up-to-date anti-virus software, firewalls and security
patches.
Sophos has identified the top twelve countries responsible for relaying
spam across the globe:
April to June 2008
1 |
|
United States |
|
14.9% |
2 |
|
Russia |
|
7.5% |
3 |
|
Turkey |
|
6.8% |
4 |
|
China (including HK) |
|
5.6% |
5 |
|
Brazil |
|
4.5% |
6 = |
|
Poland |
|
3.6% |
6 = |
|
Italy |
|
3.6% |
8 |
|
South Korea |
|
3.5% |
9 = |
|
United Kingdom |
|
3.2% |
9 = |
|
Spain |
|
3.2% |
11 |
|
Germany |
|
3.0% |
12 |
|
Argentina |
|
2.9% |
|
|
Other |
|
37.7% |
Sophos’s breakdown of spam-relaying countries by continent is as
follows:
April to June 2008:
1 |
|
Asia |
|
35.4% |
2 |
|
Europe |
|
29.5% |
3 |
|
North America |
|
18.2% |
4 |
|
South America |
|
14.8% |
5 |
|
Africa |
|
1.2% |
|
|
Other |
|
0.9% |
“Between April and June 2008, the computer users from the US and Russia
retained their shameful first and second places as the top relayers of
spam,” continued Cluley. “Much more needs to be done to raise awareness
about computer security. These computers are under the remote control of
hackers, which means they can be used not only for sending a tidal wave
of spam, but also potentially steal banking details and credit card
information for the purposes of identity theft.”
Also retaining a place on the leader’s podium
was Turkey, with a marked increase in spam since the same period last
year – rising from ninth place and 2.9 percent in the second quarter of
2007, to third place and 6.8 percent this year.
A new addition to the chart this quarter is Argentina, which has knocked
France out of the chart to take 12th place, and which is now responsible
for relaying 2.9 percent of the world’s spam
email.
“Argentina is the fastest growing economy in South America, which means
lots more computers are connecting to the net,” explained Cluley.
“Spammers hijack poorly defended computers wherever they are in the
world to join their sprawling botnets. Computers may be becoming more
common, but IT security also has to be a top priority.”
SPAM SPREADING VIA NEW AVENUES
Sophos has discovered that spammers are increasingly using networking
websites such as Facebook and LinkedIn to send their unwanted links to
online stores and bogus lottery and financial scams.
“Spammers are finding themselves increasingly obstructed by corporate
anti-spam defenses at the email gateway. In a nutshell – we’re stopping
the bad guys from getting their marketing message in front of their
intended audience,” said Cluley. “To get around this, we are seeing
spammers exploiting networks like Facebook to plant spam messages on
other peoples’ profiles – these don’t just get read by the owner of the
profile, but anyone else visiting his or her page.”
A picture of spams planted on a Facebook profile can be found here:
http://www.sophos.com/images/common/misc/fbookspam1.gif
In May, the LinkedIn business networking system was used by scammers
seeking to swindle money from unwary corporate executives. On this
occasion, the spammers offered a share of a non-existent $6.5 million
inheritance fund, further highlighting the need for users to be vigilant
to unsolicited approaches online.
Sophos experts note that the level of Facebook, Bebo and LinkedIn spam
is still dwarfed by email spam, but there is a growing trend for
spammers to use other techniques to spread their messages.
Another growing method for spammers to spread their messages is via SMS
texts sent to mobile phones.
In April, the switchboard of Dublin Zoo was swamped after at least 5000
people were spammed an SMS text message to their mobile phones telling
them to ring a number urgently and ask for a fictitious person. The
number was that of the main phone line to Dublin Zoo and the fake names
all animal-related (Rory Lion, Anna Conda, C Lion or G Raffe according
to the news reports).
Curiously, zoos in Houston and Brownsville, Texas suffered from similar
attacks in May.
Spamming a lot of people via text message is an effective way of
generating a flash-flood denial-of-service attack against the telephone
system of an organization you don’t like. As mobile operators give away
more and more “free texts per month” as part of their calling-plans, and
make available SMS web gateways that can be exploited by hackers, we may
see more spammers using SMS to clog up phone lines.
SPEAR PHISHING ON THE RISE
“Spear phishing,” which involves messages that have been personalized to
a specific domain or organization, has become more common in recent
months. These emails will appear to come from a trusted source, such as
a member of IT staff at the same company as the recipient, and ask for
personal information or username and password confirmation. Those who
reply to these messages will inadvertently be supplying information that
the phisher can use for malicious purposes, such as identity fraud.
Spear phishers generate the victims’ addresses by using special software
or using lists of employees found on the networks of social media sites
such as Facebook or LinkedIn.
Victims of spear phishing attacks in recent months include: The
University of Waterloo, Oak Ridge National Laboratory, and the
University of Minnesota. Financial institutions are also amongst the
many organizations to have been on the receiving end of this kind of
attack.
For more information on “Best practice advice for minimizing exposure
to spam,” please visit: www.sophos.com/security/best-practice/
Sophos recommends companies automatically update their corporate virus
protection, and run a consolidated solution at their email and web
gateways to defend against viruses and spam.
About Sophos
Sophos enables enterprises worldwide to secure and control their IT
infrastructure. Our network access control, endpoint, web and email
solutions simplify security to provide integrated defenses against
malware, spyware, intrusions, unwanted applications, spam, policy abuse,
data leakage and compliance drift.
With over 20 years of experience, we protect over 100 million users in
nearly 150 countries with our reliably engineered security solutions and
services. Recognized for our high level of customer satisfaction, we
have an enviable history of industry awards, reviews and certifications.
Sophos is headquartered in Boston, MA and Oxford, UK. More information
is available at www.sophos.com.
CHEN PR Torode, 781-494-5885 |
|
Major Newsire & Press Release Distribution with Basic Starting at only $19 and Complete OTCBB / Financial Distribution only $89
Get Unlimited Organic Website Traffic to your Website
TheNFG.com now offers Organic Lead Generation & Traffic Solutions