Abingdon, England-based anti-spam and anti-virus software company Sophos released Wednesday its annual first-quarter “Dirty Dozen” list of the top 12 spam-relaying countries – and Canada wasn’t on it.
Sophos compiles the list by “scanning all of the spam messages received in the company’s global network of spam traps” between January and March. Canada placed fifth on last year’s list. Sophos senior technology consultant Graham Cluley attributed Canada’s absence from this year’s Dirty Dozen to Canadian Internet service providers (ISPs) working together to craft best practices to outwit the spammers.
Despite similar efforts by American ISPs, and tech vendors urging customers to keep their operating systems, software, and anti-spam programs up-to-date, the U.S. remained the top spamming culprit, relaying 19.8 per cent of the world’s spam.
Cluley pointed out that the rankings reflect not where the most spammers are based, but from where the most spam is relayed. “The U.S. has a lot of computers, and particularly consumers’ computers, and a lot of them are ‘owned’ by hackers,” said Cluley, referring to the prevalence of spammers using “zombies” and “’bots” to take over a person’s computer and send out spam. Cluley estimates that only one per cent of spammers use their own computers to spam anymore, preferring to utilize an unknowing victim’s computer for their operation.
Poland made its debut on the list this year, busting in at the No. 3 spot. “That was a bit of a shock, but there are a number of factors behind this. Poland’s economy is booming, and there is generally more buzz around getting online. Then there are a couple of ISPs pumping through a surprising amount of spam. One of the ISPs has the largest relay of spam in the world,” Cluley said.
This pattern could be repeated, according to Cluley, as more countries embrace the Internet without fully realizing the attendant security requirements. India poked its way onto the list, taking the eleventh spot. “It was always hovering (above the list),” said Cluley. “There’s a huge IT community there, with lots of computers and companies based there. They’re IT literate, but they may not be running the latest version of (their operating system).” Running an operating system that is a couple of generations old could be the cause of many countries’ appearance among the Dirty Dozen, according to Cluley.
The U.K., for instance, dropped off the list into thirteenth place, which Cluley said could stem from the U.K.’s ongoing awareness campaigns about the spam and virus threat.
In spite of these small inroads, spam is up 4.2 per cent overall, boosted by criminals being drawn to the easy money to be had in cyberspace. Current spamming trends include visual spam (which uses embedded images to get past filters) and “spamglish” (which uses random words to evade detection), along with targeting mobile devices.
On the horizon are even cleverer spamming tactics, including instant messaging attacks and voice phishing schemes, where a victim gives information over the phone to a computer impersonating a vendor’s automated phone system.
Cluley said that, despite Bill Gates’ 2004 prediction of spam’s eradication in two years, “spam is going to be around for a very long, long time, I’m afraid.”