Sophos: Only one in 28 emails legitimate
July 2008 by Sophos
Social networking sites and mobile phones used to spread unwanted messages, as United States retains top spot in Dirty Dozen spam-relaying countries.
IT security and control firm Sophos has published its report on the latest trends in spam, and revealed the top twelve spam-relaying countries for the second quarter of 2008. The investigation reveals a disturbing rise in the level of email spam travelling across the internet between April and June 2008, and how some spammers are now using Facebook and mobile phones to spread their messages.
By June 2008, research reveals that the level of spam had risen to 96.5 percent of all business email. With the figure up from 92.3% in the first three months of the year, corporations are now facing the fact that only one in 28 emails is legitimate.
"If your company is on the internet, it’s going to be hard for it to do business unless it has an effective anti-spam defence in place. Otherwise the amount of junk mail will be swamping legitimate correspondence from your customers and suppliers," said Graham Cluley, senior technology consultant for Sophos. "It should be remembered also that some spam is not just a nuisance, but malicious in its intent - trying to get you to click on an attached Trojan horse or lead you to a dangerous website. Organisations need a consolidated anti-spam and anti-malware solution at their gateway, updated around the clock to neutralise the latest internet attacks."
Spam relayed from hijacked home computers
Email spam is almost always sent from innocent third-party computers which have been hijacked by hackers. These botnet computers are owned by innocent parties, who are unaware that cybercriminals are using them for financial gain. Typically they are home users whose computers have not been properly protected with up-to-date anti-virus software, firewalls and security patches.
Sophos has identified the top twelve countries responsible for relaying spam across the globe:
April to June 2008
1. United States 14.9%
2. Russia 7.5%
3. Turkey 6.8%
4. China (including Hong Kong) 5.6%
5. Brazil 4.5%
6= Poland 3.6%
6= Italy 3.6%
8. South Korea 3.5%
9= United Kingdom 3.2%
9= Spain 3.2%
Sophos’s breakdown of spam-relaying countries by continent is as follows:
April to June 2008:
1. Asia 35.4%
2. Europe 29.5%
3. North America 18.2%
4. South America 14.8%
5. Africa 1.2%
"Between April and June 2008, the computer users of US and Russia retained their shameful first and second places as the top relayers of spam," continued Cluley. "Much more needs to be done to raise awareness about computer security. These computers are under the remote control of hackers which means they can be used not only for sending a tidal wave of spam, but also to potentially steal banking details and credit card information for the purposes of identity theft."
Also retaining a place on the leaders' podium of shame was Turkey, with a marked increase in spam since the same period last year - rising from ninth place and 2.9 percent in the second quarter of 2007, to third place and 6.8 percent this year.
A new addition to the chart this quarter is Argentina, which has knocked France out of the chart to take 12th place, and which is now responsible for relaying 2.9 percent of the world’s spam email.
"Argentina is the fastest growing economy in South America, which means lots more computers are connecting to the net down there," explained Cluley. "Spammers hijack poorly defended computers wherever they are in the world to join their sprawling botnets. Computers may be becoming more common, but IT security also has to be a top priority."
Spam spreading via new avenues
Sophos has discovered that spammers are increasingly using networking websites such as Bebo, Facebook and LinkedIn to send their unwanted links to online stores and bogus lottery and financial scams.
"Spammers are finding themselves increasingly obstructed by corporate anti-spam defences at the email gateway. In a nutshell - we’re stopping the bad guys getting their marketing message in front of their intended audience," said Cluley. "To get around this, we are seeing spammers exploiting networks like Facebook to plant spam messages on other peoples’ profiles - these don’t just get read by the owner of the profile, but anyone else visiting his or her page."
In May, the LinkedIn business networking system was used by scammers seeking to swindle money from unwary corporate executives. On this occasion, the spammers offered a share of a non-existent USD 6.5 million inheritance fund, further highlighting the need for users to be vigilant to unsolicited approaches online.
Sophos experts note that the level of Facebook, Bebo and LinkedIn spam is still dwarfed by email spam, but there is a growing trend for spammers to use other techniques to spread their messages.
Another growing method for spammers to spread their messages is via SMS texts sent to mobile phones. For instance, in April, the switchboard of Dublin Zoo was swamped after at least 5000 people received a spam SMS text message on their mobile phones telling them to ring a number urgently and ask for a fictitious person. The number was that of the main phone line to Dublin Zoo, and the fake names were all animal-related (Rory Lion, Anna Conda, C Lion or G Raffe according to the news reports). Curiously, zoos in Houston and Brownsville, Texas suffered from similar attacks in May.
Spamming a lot of people via text message is an effective way of generating a flash-flood denial-of-service attack against the telephone system of an organisation you don’t like. As mobile operators give away more and more "free texts per month" as part of their calling-plans, and make available SMS web gateways that can be exploited by hackers, we may see more spammers using SMS to clog up phone lines.
Spear phishing on the rise
’Spear phishing’, which involves messages that have been personalised to a specific domain or organisation, has become more common in recent months. These emails will appear to come from a trusted source, such as a member of IT staff at the same company as the recipient, and ask for personal information or username and password confirmation. Those who reply to these messages will inadvertently be supplying information that the phisher can use for malicious purposes, such as identity fraud. Spear phishers generate the victims’ addresses by using special software or using lists of employees found on the networks of social media sites such as Facebook or LinkedIn.
Victims of spear phishing attacks in recent months include The University of Waterloo, Oak Ridge National Laboratory, and the University of Minnesota. Financial institutions are also among the many organisations to have been on the receiving end of this kind of attack.