The anti-virus vendor released its final “Spampionship” league table of 2013 on Tuesday, and the study concluded that the US was once again the most prolific country, accounting for 14.5 percent of the total spam sent worldwide in the fourth quarter.
China re-emerged in second place with 8.2 percent of all spam, with Russia growing from 3 percent to 5.5 percent on a quarterly basis. Less populated countries like Belarus – which had the highest level of spam per person – the average computer there is 10 times more likely to send spam than if based in the US. Luxembourg and Kuwait also featured highly on the list, leading Sophos senior security analyst Paul Ducklin to say that spam remains a global issue.
“There is a serious side to spam, this truly is a global problem,” he told SCMagazineUK.com. “The spam aspect is just a symptom - the start of the problem. Zombie malware means the crooks are already on the inside. We don't know what else [cyber criminals] are doing inside networks.”
“It's very rare that a botnet has one version – crooks often update it and repurpose it. If you deal with the spam problem, and stop it in the first place, you are getting rid of future malware.”
Ducklin pointed to spam's continued dominance by revealing that Microsoft founder Bill Gates predicted the death of spam by 2006, when speaking at the World Economic Forum in Davos two years before.
Cyber criminals often infect these computers by using remote-control malware, and are almost always based out of other countries, and Ducklin goes onto suggest that the results from smaller countries suggests less attention on implementing information security.
The UK, he adds, may have benefitted in this regard. The country was 19th on the list by spam volume, accounting for 1.6 percent of the world spam, and 47th by population with 0.55 of the US score (the US was 27th in the world on this rating).
The Sophos analyst admitted that it is hard to predict why the UK remains ahead of the curve, but personally hoped that government initiatives like the Cyber Streetwise scheme may have had a helping hand: “Are [public service and government initiatives] working? We can't prove it but let's hope so.”
This report, available on the Naked Security blog, follows a spate of spam activity in recent weeks, with Symantec unearthing a new Twitter spam campaign targeting Super Bowl and Miley Syrus fans recently. Cloudmark, meanwhile, found that 85 percent of SMS spam messaging in the UK used money to entice victims, such as payday loans and sports betting, while Kaspersky Lab also used a recent report to detail the risk of spam in emailed loan offers.
However, while Kaspersky Lab senior security researcher David Emm told SCMagazineUK.com that the firm has seen spam levels drop – less than 70 percent of email traffic is now spam – he worries that attackers are increasingly looking to steal confidential data.
“Whereas previously spammers often exploited the trust of unwary victims, they now face a new generation of IT-savvy targets,” said Emm. “As a result, they are adopting new tactics - for example, sending malicious attachments in the guise of anti-virus updates.”
“Increasingly, such malicious attachments are designed to steal confidential data. However, this is no longer just bank logins, but login credentials for social networks and email. This reaps rewards for the spammers since stolen credentials for e-mail, for example, can often be used to access lots of other content - including social networks, instant messaging, cloud storage and credit card information.”