95% of all email is spam says Panda Security

The study from the Spanish-headquartered IT security vendor notes that, whilst Brazil, India and Russia are the top three sources of spam, the US is only in eight position, and the UK has dropped out of the top 10 spam charts.

Infosecurity discussed the report's findings with Sebastian Zabala, Panda's project manager, and asked him what the ISPs – many of whom filter out a lot of spam at tier one ISP levels – are doing about the spam problem.

A growing number of ISPs, he says, are now blocking port 25 on their internet connections, so that, if a user's computer becomes infected, then it stops the ISP from being used as a spam relay.

And in situations where the customer requires port 25 to be activated, such as for business remote email, then the ISP will activate the facility, but works with the customer to ensure their system cannot be used for spam relay purposes, he explained.

"It's a trade-off [in security terms]", he said, adding that although ISPs are doing their best to tackle the issue, spam will always be a problem on the internet, largely because of the large amount of revenues that spammers generate – either through sales from spammed emails, or spam-driven malware.

Another way in which company users of the internet can tackle the problem of spam is to opt in to their ISP's end point security and anti-spam facility, which usually costs a little extra, but does cut down on spam volumes, he says.

Delving into the report shows that the UK has dropped out of the top 10 countries that generate spam – Why is this? we asked Zabala.

"I don't know why this is the case", was his reply, but he added that colleagues at Panda are still trying to work out why this happened.

According to the report, Twitter was hit by a couple of worms during the quarter, one of which was caused by a JavaScript vulnerability that allowed for a cross-site scripting attack.

The 'MouseOver' worm, meanwhile, which triggered when someone hovers their mouse over content, also posed a problem, as they redirected users to web pages or published JavaScript in their Twitter feeds without their permission.

Twitter was able to clear up these threats relatively quickly, says the report, adding in its conclusion that, whilst Panda would like to be able to sign off one of these annual or quarterly reports with a positive message, this is not possible.

"We would like to say the situation has improved. However after some deliberation, the editorial team have decided that this is still not the case", says the study.

"The reasons are quite clear: there continues to be more malware than before, cyber-criminals continue to infect users, new techniques are emerging to take users by surprise, smart phones are under attack... so really, nothing out of the ordinary", the report adds.

However, the study goes on to say, in various countries there have been some successes, particularly the bringing down of the Mariposa botnet initially, as well as the sales model of the original kit, Butterfly.

"The collaboration to this end which began last year, continues to prosper, and we believe there will be yet more arrests. This has been a great example of teamwork and international collaboration", said Panda in its report.

Other areas worth watching for, the study concludes, include the arrival of more blackhat SEO attacks, and Apple Mac-driven malware, which will be on Panda's radar for future reports.

What’s Hot on Infosecurity Magazine?