Sophos: US wins spam and malware crown

The US has been named and shamed as the nation that hosted more malicious code and relayed more spam than any other during 2006.

According to the security vendor Sophos Security Threat Report 2007, the US internet industry remains plagued by criminal activity despite continued efforts to clamp down on cyber-crime.

"Too many US-hosted websites still have lax security measures in place," said Carole Theriault, senior security consultant at Sophos.

"Given the effectiveness of web-based attacks, web hosting companies in the US and elsewhere need to step up their policing of published content, and ensure that malicious code is quickly removed before innocent users get hit."

The UK ranked 19 in the chart, responsible for hosting 0.5 per cent of all websites containing malicious code.

The US also topped the list of worst spam-relaying nations. While the US has made good progress in this area, there was still more spam sent from US computers in 2006 than from any other single nation.

Sophos noted that up to 90 percent of all spam is now relayed from zombie computers hijacked by Trojan horses, worms and viruses and under the control of hackers.

This means that they do not need to be based in the same country as the computers being used to send the spam.

The report also found that the most prolific email threats during 2006 were the Mytob, Netsky, Sober and Zafi families of worms, which together accounted for more than 75 per cent of all infected email.

However, Sophos predicts that 2007 is likely to see a significant shift away from the use of email, as cyber-criminals look to exploit the continued global growth in web use, as well as user-defined web content.

The study predicts that email will continue to be an important vector for malware authors, although the increasing adoption of email gateway security is making hackers turn to other routes for infection.

"The internet now represents the easiest way for cyber-criminals to gain entry to corporate networks, as more users are accessing unregulated sites, downloading applications and streaming audio/video, potentially jeopardising security in the process," said Theriault.

"A great many businesses are not geared up to gain insight into users' online behaviour, let alone control it, and it is vital that they now begin to examine ways to incorporate web security into their overall IT security strategy."

The statistics reveal that spyware accounted for 50.43 percent of all infected email in January 2006, while 40.32 percent were emails linking to websites containing Trojan downloaders.

By December 2006 the figures had been reversed, with the latter now accounting for 51.24 per cent, and spyware-infected emails reduced to 41.87 percent.

Some 30 percent of all malware is now written in China, most of it taking the form of Trojans used for gaining a backdoor into users' computers.

Surprisingly, 17 percent of malware written in China is designed for the specific purpose of stealing passwords from online gamers.

In contrast, malware authors based in Brazil are responsible for 14.2 per cent of all malware, the majority of which is designed to steal information from online bankers.

"It is interesting to see how malware varies depending on location, often exploiting current country-specific online trends," said Theriault.

"Identifying the source of the malware helps security experts and authorities to strengthen criminal profiles and bring the perpetrators to justice."