US and China worst for spam and malware says Sophos

Alex Zaharov-Reutt
Tuesday, 23 January 2007 21:05

Business IT - Security

Despite tough anti-spam measures in the US, and recent lawsuits against a MySpace spammer, the amount of spam and malware emanating from the US makes it the worst nation in the world for those twin digital evils – but China’s not far behind, and plenty of other countries are on the list, too.

Sophos has published its Security Threat Report 2007 which is available for free download, where they’ve examining the threat landscape over the previous twelve months, and predict malware and spam developments during 2007 – and the news isn’t good.

Sophos tell us that “the US hosts more than one third of the websites containing malicious code identified during 2006, as well as relaying more spam than any other nation”. So much for CAN-SPAM Act, but the Government had to be seen to be doing something, right?

You’ll be able to read up on the top ten malware threats of 2006, and ready the not-so-shocking development that ‘large-scale attacks’ to generate kudos and respect amongst fellow crimeware writers is growing less popular, as “more focused strikes against computer users” means individual users’ computers are organized into botnets to do whatever evil deeds their new controllers desire.

It should also come as no surprise that Sophos tell us that Windows is still the primary target for hackers, something that Microsoft hopes to prevent with Windows Vista, and Internet Security companies hope to prevent with their latest 2007 Internet Security packages, which they’d all like you to upgrade to, including Microsoft who has finally released OneCare 1.5 to compete with Symantec’s Norton 360 and upcoming ‘all-in-one’ security solutions from McAfee and others.

 The allure of the Trojan horse that installs a rootkit or other nefarious software is also the popular trend, relegating mass-mailing worms to second fiddle in the race to diddle the user.

The Sophos list of top-ten web-based malware hosting countries is as follows. First past the post is the US, with 34.2%. Then comes China in what is almost a neck and neck finish at 31%. The Russian Federation gets the bronze medal at 9.5%, the Netherlands emerge at number four with 4.7%, the Ukraine pops up to say hello with 3.2%, France says bonjour at sixth spot with 1.8%, Taiwan has 1.7%, Germany warns achtung with 1.5%, Hong Kong goes honkers in the 9th spot with 1% and Korea squeaks into the 10th spot with 0.9% of web-based malware, while the rest of the world falls into the ‘others’ category with 10.5%.
 
Carole Theriault, senior security consultant for Sophos, said that “The US remains a hot spot for online criminal activity, and despite authorities' continued efforts to clamp down on cyber crime, too many US-hosted websites still have lax security measures in place. Given the effectiveness of web-based attacks, web hosting companies in the US and elsewhere need to step up their policing of published content, and ensure that malicious code is quickly removed, before innocent users get hit.”

Spam is still the killer application of unsolicited commercial emailers, with the US again taking the only gold medal it surely doesn’t want by relaying 22% of the world’s spam. The rest of the ‘dirty dozen’ includes China, this time including the Special Administrative Region of Hong Kong, which weighs in with a silver medal at 15.9%, South Korea much higher on the list this time and scoring the bronze with 7.4%, France gets no medal but still walks away with 5.4%, Spain pops up with 5.1%, Poland at 4.5%, Brazil at 3.5%, Italy at 3.2%, Germany at 3.0%, the UK at 1.9%, Russia at 1.8%, Taiwan the same and ‘others’ at 24.4%.
 
Sophos say that “up to 90% of all spam is now relayed from zombie computers, hijacked by Trojan horses, worms and viruses under the control of hackers. This means that they do not need to be based in the same country as the computers being used to send the spam”.

"The internet now represents the easiest way for cyber criminals to gain entry to corporate networks, as more users are accessing unregulated sites, downloading applications and streaming audio/video, potentially jeopardising security in the process," continued Theriault. "A great many businesses aren't geared up to gain insight into users' online behaviour, let alone control it, and it's vital that they now begin to examine ways to incorporate web security into their overall IT security strategy."

The reasons for writing malware are different by region, too. Sophos tells us “that 30% of all malware is now written in China, most of it taking the form of Trojans used for gaining a backdoor into users' computers, with 17% of malware written in China is designed for the specific purpose of stealing passwords from online gamers. In contrast, malware authors based in Brazil are responsible for 14.2% of all malware, the majority of which is designed to steal information from online bankers”.

"It's interesting to see how malware varies depending on location, often exploiting current country-specific online trends. Identifying the source of the malware helps security experts and authorities strengthen criminal profiles and bring the perpetrators to justice," added Theriault.

Sophos detected an astounding 41,536 new pieces of malware in 2006, bringing the total protected against to 207,684. Of these threats, Trojans now outnumber Windows viruses and worms by 4:1. The proportion of infected emails was down from 1 in 44 during 2005 to just 1 in 337 during 2006. No wonder Mac users are smiling, despite increasing discoveries of vulnerabilities in Mac OS X.

To protect yourself against these threats, it is vital to use a 2007 Edition Internet Security package or equivalent, whether free or paid. Extra anti-spyware protection comes from companies like Spybot www.safer-networking.org and AdAware www.lavasoftusa.com, while extra anti-phishing and anti-rootkit protection can also come from TrustDefender www.trustdefender.com.

See the full report for more detail on the findings and the predictions for 2007.