IT security and control firm Sophos has published its report on the latest trends in spam, and revealed the top twelve spam-relaying countries for the final quarter of 2008. The investigation reveals that, five years after Bill Gates predicted spam would be eradicated, it remains a major problem for computer users as spammers veer away from traditional techniques and get creative – with no end in sight.

On January 24, 2004 at the World Economic Forum in Davos, Switzerland, Bill Gates declared that spam would be ‘a thing of the past’ within two years. However, with the prophecy’s five-year anniversary approaching, experts at SophosLabs have revealed that the latest figures for Q4 2008 indicate that spam is still causing problems for computer users and assuming more guises than ever before. Furthermore, more spam is malicious and often designed to infect users’ computers via sophisticated malware attachments or a link to malicious or infected websites, in order to steal sensitive information.

“The rumors of spam’s death have been greatly exaggerated over the years – the threat remains alive and kicking despite increased legal action against spammers, the occasional takedown of Internet companies which assist the cybercriminals, and constantly improving anti-spam software,” said Graham Cluley, senior technology consultant at Sophos. “Many IT professionals cast doubt on Bill Gates’ assertion back in 2004, deeming the timeframe of his pledge to be unrealistic. Although the latest stats show that the proportion of spam relayed per country may have decreased year-on-year, spammers have turned to more creative – not to mention devious – methods to ensure their messages reach as many unsuspecting computer users as possible.”

NEW AVENUES OF SPAM ATTACK

Cybercriminals have shown an increased attraction to social networking sites like Facebook and Twitter during this last quarter, indicating that spammers are successfully adapting their methods to suit the current environment. These sites have become part of many computer users’ daily routine – whether it’s logging on to see what their friends are up to, viewing photos, or updating their status, masses of personal information are updated every minute. Such frequent use makes social networking sites a prime target for spammers and malware authors who typically attempt to break into innocent users’ accounts and take advantage of trusted social networks to send spam and malware.

For example, in November, Sophos reported that Facebook had won an $873 million judgment against a Canadian man who bombarded millions of Facebook members with unsolicited spam messages. The spammer tricked users into revealing their passwords and usernames, and then used the information to gain access to their personal profiles. Facebook claimed that the man then sent out more than four million messages promoting products from marijuana to sexual enhancement drugs.

“Spammers really took to using sites like Facebook and Twitter as a vehicle for their spam antics during the last three months of 2008,” continued Cluley. “Cybercriminals have cottoned onto the fact that social networking users can be more easily fooled into clicking on a link that appears to have come from a trusted Facebook friend, than if it arrived as an unsolicited email in their inbox. The notorious Nigerian 419 scammers have even evolved, masquerading as Facebook friends in order to trick unwary users into parting with valuable sensitive and financial information. Ultimately, while users are still falling for these scams, the fraudsters will continue. And while the authorities are making great progress, everyone must take steps to ensure they don’t fall victim.”