US No.1, India No. 2 in Relaying Spam, says Sophos

One in five spam messages sent from US; one in 20 from India


MUMBAI / BANGALORE, India – October 14, 2010 – IT security and control firm Sophos has published the latest report into the ‘Dirty Dozen’ spam-relaying countries, covering the third quarter of 2010.


Since the second quarter this year, the spam output from the United States has increased significantly from 15.2% to 18.6% of global spam, making the country responsible for nearly one in five junk emails, and meaning that the USA contributes nearly 2.5 times more spam than the next worse offender, India.


The UK finds itself dropping one position since the previous quarter, from fourth to fifth place and is now responsible for relaying 5% of all spam this quarter.


The top 12 spam relaying countries for July to September 2010 are as follows—

1 United States 18.6%
2 India 7.6%
3 Brazil 5.7%
4 France 5.4%
5 UK 5.0%
6 Germany 3.4%
7 Russia 3.0%
8 S Korea 3.0%
9 Vietnam 2.9%
10 Italy 2.8%
11 Romania 2.3%
12 Spain 1.8%
13 Others 38.5%


Top spam-relaying continents, July – September 2010

1 Europe 33.1%
2 Asia 30.0%
3 N America 22.3%
4 S America 11.5%
5 Africa 2.3%
6 Others 0.8%

Almost all of this spam comes from malware-infected computers (known as bots or zombies) that are being controlled by ‘botherder’ cybercriminals.  One of the primary tactics used by cybercriminals to grow botnets involves tricking computer users into clicking malicious links – either contained in spam email or social networking messages – which direct computers to malware infected webpages.


Spam isn’t just a nuisance, it’s used by cybercriminals as a means of growing their operations,” said Graham Cluley, Senior Technology Consultant at Sophos.  “You should never even be tempted to open a spam message out of curiosity, as it can only take a second to effectively hand over control of your computer to the spammers.  If your computer does become part of a botnet, you’re also inviting further malware infections, which may compromise your personal or banking details.


Sophos also notes a rise in social networking spam during Q3 2010, with the widely reported ‘onMouseOver’ exploit creating spam tweets on Twitter, and a raft of Facebook scams that have been created by spammers to generate money from survey websites.


What’s interesting about the Facebook scams is that they exploit human weaknesses to spread – tricking users into filling in a questionnaire if they want to see a shocking picture or video that may not even exist,” added Cluley. “Unfortunately, these scams continue to proliferate, with new ones springing up every day, and Facebook seemingly unable to kill them off permanently.


One Facebook spammer has, however, recently been fined for using the social network to promote the sale of drugs.  Canadian Adam Guerbuez was fined US$100 for every one of the 4,366,386 spam posts he made, resulting in total fine of US$873.3 million.


Guerbuez was able to spam from Facebook users’ accounts after phishing their login details.


Always take care over where you enter your login credentials – be aware that you might be on a bogus website that has been created purely for the purposes of grabbing your username and password, and for those details to then be used to send spam to others,” explained Cluley.


The best way for computer users to reduce the risk of being compromised is to run anti-spam and anti-malware protections, behave sensibly when online, and ensure systems are up-to-date with security patches.


Sophos recommends that companies automatically update their corporate virus protection, and run a consolidated solution at their email and web gateways to defend against spam and viruses.


# # #


About Sophos


More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use, and that deliver the industry’s lowest TCO. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs—a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards. Sophos is headquartered in Oxford, UK and Boston, US. More information is available at



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s