U.S. Tops 'Dirty Dozen' As No. 1 Spam E-Mail Generator

The U.S. maintained its No. 1 position as the top country for relaying spam e-mail, according to Sophos' most recent "Dirty Dozen" list examining from which geographies spam e-mail originates.

The U.S. again topped the list as the dirtiest by a significant amount and is responsible for nearly one in five junk e-mails, or 18.83 percent of all spam e-mails, Sophos found. The second highest offender was India, which clocked in with 6.88 percent of spam e-mails.

"The U.S.'s domination of the list underlines the continuing problem of computers being compromised by hackers in the country, allowing them to be remotely controlled for criminal purposes without the owners' knowledge," Sophos said.

"It's a reflection of the unprotected PCs in this country," said Sophos Senior Security Advisor Chester Wisniewski, noting that the U.S. has been the No. 1. spam culprit for the last five years running. "We're doing a pretty bad job of protecting our PCs."

Sponsored post

U.S. topping the list of spam e-mail origins comes on the heels of a Symantec research report that notes that spam e-mail volumes dropped dramatically over the holiday season, reaching new lows between Christmas and New Year's.

While the U.S. and India sit atop the list, the rest of the "Dirty Dozen" is: Brazil with 5.04 percent of spam, Russia with 4.64 percent, the U.K. with 4.54 percent, France with 3.45 percent, Italy with 3.17 percent, South Korea with 3.01 percent, Germany with 2.99 percent, Vietnam with 2.79 percent, Romania with 2.25 percent and Spain with 2.24 percent.

Wisniewski said also telling is India and Brazil coming in second and third, indicating that as Web use in those countries increases, the amount of spam generated through them also grows.

When spam e-mail output is measured by continent, Europe tops the list with 32.11 percent of relayed spam, followed by Asia with 31.89 percent, North America with 22.38 percent, South America with 10.25 percent and Africa with 2.12 percent.

Sophos also noted that the nature of the spam that is being distributed is becoming increasingly more malicious. Traditional subject matter spam, like advertisements for prescription drugs, continues to be a concern, with 36 million Americans reported to have bought drugs from unlicensed online sellers. But Sophos noted that more messages are spreading malware and attempting to phish user names, passwords and other personal data and information.

"We used to see a lot of the fake Rolexes and Viagra spam trying to sell you something directly," Wisniewski said. "Now they're tending to move their spam into social networks. The percentage of spam used to be direct to market, now you're being led to a Web site and to fake Facebook apps and Twitter spam feeds."

Next: The Threat Of Spearphishing Grows

Additionally, there has been a jump in focused, targeted e-mail attacks known as "spearphising" and Sophos is also receiving an increased number of reports of malicious apps, compromised profiles and unwanted messages spreading across social networks like Facebook and Twitter.

Sophos' findings indicate that despite Symantec's earlier report that spam levels have dropped; spam shows no sign of disappearing altogether.

"Spam is certainly here to stay, however, the motivations and the methods are continuing to change in order to reap the greatest rewards for the spammers," said Graham Cluley, senior technology consultant at Sophos, in a statement. "What's becoming even more prevalent is the mailing of links to poisoned Web pages -- victims are tricked into clicking a link in an e-mail, and then led to a site that attacks their computer with exploits or attempts to implant fake anti-virus software."

Cluley continued: "Regardless of what methods spammers use, Internet users should never be tempted to open a spam message out of curiosity, or click on an unknown link, just because it appears on a Facebook friend's profile. Internet users need to become aware of these new approaches to cybercrime as the spamming techniques become more and more sophisticated. As long as spammers continue to make money from these schemes, Internet users can be sure that they'll continue to receive unsolicited emails and social networking scams. To combat this, it's essential that computer users remain wary of clicking on unknown links, regardless of whether they appear to be on a trusted contact's social networking page."