Report: U.S. Still World's Spam Leader

By Jennifer LeClaire,

Enterprise Security Today

January 23, 2007

According to a new report from security firm Sophos, the United States still retains its title as king of the spam scene, but China is now sharing in the shame as the nation that generated the most malicious code in 2006.

Sophos' annual Security Threat Report revealed that U.S.-based computers relayed 22 percent of the world's spam last year, followed by China at 15.9 percent and South Korea at 7.4 percent. What's more, 90 percent of all spam is now relayed from zombie computers, machines hijacked by Trojan horses that are under the control of malicious hackers.

Security researchers are warning I.T. professionals to ramp up for more targeted attacks in 2007. "The U.S. market is undeniably a target for online criminal activity," Ron O'Brien, senior security analyst for Sophos, said in a statement. "More and more, organizations with U.S.-based Web sites are falling victim to targeted attacks."

Rise of Image Spam

Although Sophos said the U.S. has made progress in its efforts to reduce spam-relaying, the security firm pointed out that new spam techniques are making it more difficult to block the unsolicited e-mail. Specifically, image-based spam -- spam that conveys its message through an embedded graphic -- is on the rise.

According to data from IronPort Systems, image spam accounted for 25 percent of total spam volume in October 2006 compared to 2.8 percent in October 2005, an increase of 421 percent.

"Overall, spam catch rates are declining because signature-based antispam solutions can't keep up with the advanced techniques spammers are using," said Craig Sprosts, a senior product manager at IronPort. "This can cause your e-mails to get delayed 24 hours or more because it puts a strain on the infrastructure."

Threats on the Horizon

While spam might be annoying, it also can be downright dangerous. Sophos detected 41,536 new pieces of e-mail-borne malware in 2006 and reported an increase in the number of phishing attacks that try to trick recipients into divulging sensitive information, such as passwords or credit card numbers.

The most prolific e-mail threats of 2006 were the Mytob, Netsky, Sober, and Zafi families of worms, which together accounted for more than 75 percent of all infected e-mail, Sophos said.

However, the firm predicted that 2007 is likely to see a significant shift away from the use of e-mail-based security threats, with Internet criminals instead looking to exploit new Web 2.0 capabilities.

"Cyber criminals are seeking new ways to distribute malware and the Web seems to be the logical environment as mounting applications and social sites keep end users active on the Internet," O'Brien noted, citing streaming media and file-sharing services as additional avenues for attack.