India is the second largest spam relaying country in the world

by CXOtoday Staff    Oct 14, 2010

SpamFrom just being a nuisance to becoming a means for cybercriminals to grow their operations, Spam has come a long way. Many a times we are tempted to open a spam message out of curiosity, which could lead spammers to take control of your computer within seconds. Even if your computer does become part of a botnet, you could still be inviting further malware infections, which may compromise your personal or banking details.

If you thought that computer users in developed nations need to worry about Spam attacks, then think again. According IT security and control firm Sophos, India is the second largest spam relaying country in the world, behind the US. Almost all of this spam comes from malware-infected computers (known as bots or zombies) that are being controlled by ‘botherder’ cybercriminals. One of the primary tactics used by cybercriminals to grow botnets involves tricking computer users into clicking malicious links - either contained in spam email or social networking messages - which direct computers to malware infected webpages.

Sophos also notes a rise in social networking spam during Q3 2010, with the widely reported ‘onMouseOver’ exploit creating spam tweets on Twitter, and a raft of Facebook scams that have been created by spammers to generate money from survey websites.

“What’s interesting about the Facebook scams is that they exploit human weaknesses to spread - tricking users into filling in a questionnaire if they want to see a shocking picture or video that may not even exist. Unfortunately, these scams continue to proliferate, with new ones springing up every day, and Facebook seemingly unable to kill them off permanently,” says Graham Cluley, Senior Technology Consultant, Sophos

The best way for computer users to reduce the risk of being compromised is to run anti-spam and anti-malware protections, behave sensibly when online, and ensure systems are up-to-date with security patches. Users should always take care over where they enter their login credentials and be aware that they might be on a bogus website that has been created purely for the purposes of grabbing usernames and passwords.