Dirty Dozen: Top 12 Spam Countries Identified
4:00 PM EST Fri. Jul. 19, 2013
Researchers at U.K.-based security vendor Sophos identified the top 12 spam-relaying countries in its "Dirty Dozen" report that analyzed spam volume between April and June of 2013. The analysis determined the extent to which computers in a given country are used for delivering spam.
Sophos said three new countries entered the top 12 while several other countries -- France, Peru and South Korea -- fell off the list. Spam volume in countries sometimes mirrors population, according to Sophos.
Spam messages, which are often viewed as unwanted messages pitching pharmaceuticals and pornography, also pose a serious threat, Sophos said. The unwanted messages can include phishing schemes and malware, and spammers have been seen pushing investment scams and other fraudulent activities, Sophos said.
This season, Germany came in 12th overall for being responsible for relaying 2.5 percent of spam globally, according to Sophos. The country is also known for receiving the most malicious spam messages, often laden with malware or links directing users to phishing attack pages. A report issued last year by Kaspersky Lab had Germany at the top of the list for pushing backdoor Trojans and other malware linked to the Zeus family of banking Trojans.
Russia is known for being the home of many financially motivated cybercriminal organizations, but it came in 11th overall on Sophos' Dirty Dozen list for pushing only 2.6 percent of spam globally. Law enforcement believes it also hosts major money laundering operations associated with credit card theft and malware attacks designed to drain bank accounts. Interestingly, the Republic of Belarus, which borders Russia to the northeast, has the title of having the most spam relayed in proportion to its population, Sophos said.
Italy came in 10th on the Sophos Dirty Dozen list for pushing about 2.9 percent of spam globally. Spammers have been quick to jump on news headlines in Italy to get people to open their messages. In 2009, a 6.3-magnitude quake was used as bait in a phishing campaign. Spammers have also used ongoing controversies surrounding Italian Prime Minister Silvio Berlusconi to lure people into clicking on links in the messages.
Argentina is a newly listed member of the Dirty Dozen list, earning the No. 9 spot for pushing 3.1 percent of spam globally. Despite being newly added, the country has aggressive spam laws. The South American country has a government agency that investigates spam incidents and has the power to levy stiff fines against spammers.
Kazakhstan, a Russian-speaking country in central Asia, is also a newly listed member. It earned the eighth-place title on the Dirty Dozen list for pushing 3.3 percent of spam globally. Malware and phishing are common in spam messages in Kazakhstan and several other top countries, with a correlation between the spam messages and incidents of piracy. Pirated copies of Windows and other un-updated software often contain vulnerabilities that can be exploited by malware attachments in spam messages, Sophos said. Pirated software also often contains malware that can make the system part of a global botnet that spreads spam.
Spain earned the No. 7 spot on the Sophos Dirty Dozen list. It pushed 3.4 percent of spam globally. Spain also earns credit for having a large amount of attack messages, spreading worms, ransomware and spyware, according to security experts.
India earned the sixth spot on the Sophos Dirty Dozen list for pushing about 3.6 percent of spam globally. Attackers often rent out spam servers for their campaigns and can even design a specific campaign for a region, Sophos said. Paul Ducklin, a security evangelist at Sophos, recommends users keep their systems patched, including their browser and its components. Antivirus software should also be receiving regular updates, he said.
Taiwan earned the No. 5 spot on the Sophos Dirty Dozen list for pushing slightly more than 3.6 percent of spam globally. Sophos' Ducklin said the list doesn't explain where the spam originates, only how it gets relayed from spammers to their victims. Systems that are infected with malware are often turned into spam relay systems as part of a global botnet operated by a cybercriminal abroad, Ducklin said.
Ukraine is a new entrant on the Sophos Dirty Dozen list. The eastern European country peddled 5.5 percent of spam globally, earning it the fourth spot on the list. Ukraine is believed to be the home of a long-running pharmacy spam operation, according to Spamhaus, a spam-fighting organization. The spammer behind the operation, known for sending 10 million or more messages daily, uses Chinese Web hosting for the operations and botnets to spread the messages, Spamhaus said.
China earned third place on the Sophos Dirty Dozen list for relaying 5.9 percent of spam globally. China is home to the Vincent Chan gang, an organization of Chinese partners that have been sending spam for years, according to Spamhaus. The Vincent Chan gang, which mainly spreads messages touting online pharmacies, is listed at the top of the list of worst spammers, according to a list maintained by the spam-fighting organization.
The eastern European country of Belarus earned second place on the Dirty Dozen list. The country has pushed 11.7 percent of spam globally, Sophos said. The country has been at the top of similar lists in the past. Security firm AppRiver, which also tracks spam, said the country is responsible for relaying more than 3 million spam messages per day.
The United States retained the spamming crown on the Dirty Dozen list, sending 13.8 percent of spam globally, Sophos said. The company said the U.S. population and its robust Internet connectivity help it retain the leadership position.
Spamhaus lists three spammers on its worst spammer list: Quick Cart Pro, Yair Shalev and iMedia Networks. Quick Cart Pro, an operation with ties to Russia and Canada, promotes fake pharmaceuticals, Spamhaus said. Yair Shalev, a high-volume spammer, uses the snowshoe method to send messages, spreading out spam across many IPs and domains in order to dilute reputation metrics and evade filters, Spamhaus said. And iMedia Networks, operated by Michael Lindsay, is a spam-hosting operation serving bulletproof hosting at high premiums to well-known spam gangs, according to Spamhaus.