KUALA LUMPUR (Oct 24): IT and security data protection firm Sophos said India continues to top the "Dirty Dozen" list of spam-relaying countries, accounting for 16.1% of the world's spam output from July to September 2012 that was captured in SophosLabs's global network of spam traps.
In its latest report, it said that the United Kingdom — which had managed to remain out of the top twelve spam-relaying countries for the last four consecutive quarters (having last appeared in April to June 2011) — returned to the list in twelfth place.
Sophos also said that Saudi Arabia was the top new entry this quarter, relaying a significant 5.1% of spam for the period, addin that it was likely caused by the Festi botnet which successfully infected many computers in the country in August and then used the computers to swamp the rest of the world with large quantities of spam.
It said that the US — which was once a permanent fixture as the leading superpower in the spam stakes and last topped the table in the same period a year ago — rose one place in the list and now relays one in 15 of all spam emails. Sophos added that the other new entries consisted of Turkey and Germany, with Pakistan, Russia, Poland and Thailand all dropping out of the table.
Sophos had reported in July that India was accountable for 11.4% of the world's spam seen throughout April, May and June, despite having only 5.3% of the world's internet users. It added that the current lack of IT security measures taken to protect computers in India and its region will likely lead to further problems as more of its citizens get online, which is likely given that only 10.2% of the country's population are internet users.
"Spam emails arrive in your inbox via other people's infected computers," said Sophos senior technology consultant Graham Cluley. "The latest Dirty Dozen report suggests that a not-insignificant number of PCs in India are harbouring malware infections that turn PCs into spam-spitting zombie slaves, controlled by the cybercriminals who make money by punting junk emails to promote questionable goods, or simply use malicious spam to infect more computers.
"The authorities in India need to make IT security education a priority. One would be safe to assume that, if computer users in the country are being targeted in order to relay spam, they are likely victims of other online threats such as fraud," he said.
The top 12 spam-relaying countries for July to September 2012 are as follows:
1. India (16.1% from 11.4% in the previous quarter, same position)
2. Italy (9.4% from 7%, same position)
3. USA (6.5% from 6.2%, up from 4th place)
4. Saudi Arabia (5.1%)
5. Brazil (4.0% from 4.4%, but up from 6th place)
6. Turkey (3.8%)
7. France (3.7% from 3.1%, up from 9th place)
8. South Korea (3.6% from 6.7%, down from 3rd place)
9. Vietnam (3.4% from 5.8%, down from 5th place)
10. China (3.1% from 3.2%, down from 8th place)
11. Germany (2.7%)
12. United Kingdom (2.1%)
13. Others (36.5% from 40.3%)
Sophos said that taking a global view, Asia is still the worst offending continent, responsible for almost half of the world's spam, followed by Europe and South America.
The top spam relaying continents for July-September 2012 are as follows:
1. Asia (48.7%)
2. Europe (28.2%)
3. South America (10.2%)
4. North America (9.5%)
5. Africa (2.9%)
6. Other (0.5%)
The software firm recommended that organisations and ISPs implement technology and follow best-practice methodologies to ensure that malicious emails do not reach email inboxes.
"Spam is still a big threat to computer users, particularly for those who might not be aware of the simple dangers of clicking on links in unsolicited emails," Cluley said, adding that this could represent a ticking time bomb because Asian nations like India and China — which actually have comparatively few computer users in terms of their overall populations — continue to become more connected.
Sophos is a developer and vendor of security software and hardware. SophosLabs is the company's global network of threat analysis centres.
For more advice on how to combat spam, click here.