Symantec Global internet Security threat report
the second most common type of spam detected was related to commercial products, which accounted for 17 percent of the spam observed by Symantec in 2009. While some categories had spikes at certain times of the year, the levels of product spam remained constant from January to December. From early January, Symantec noted product spam promoting roses and chocolates for Valentine’s Day, to designer watches and footwear in the summer months, to household trinkets for thanksgiving and Christmas in november and December. this category has also remained relatively constant year after year, while selling commercial paraphernalia remains a fruitful source of revenue for spammers.
Financial services spam remained the third most popular spam category in 2009, accounting for 15 percent of all spam observed. Financial spam contains references to money, the stock market, or other financial opportunities. Even though the percentage of financial spam remains relatively unchanged as far back as 2007, what has changed is the subject lines used to convey the spam in this category. in the early days of the global boom, penny stock was the most common type of financial spam observed by Symantec; these scams attempted to entice recipients to purchase penny stocks and shares, often as part of a pump-and- dump ploy to over-promote certain stocks.
As discussed previously, spammers frequently exploit current events to garner attention for their merchandise. this reporting period was no exception, with spam subject lines preying on the financially vulnerable by offering a risk-free way out of the financial crisis. this includes a barrage of “fear of foreclosure” spam upon the collapse of the real estate bubble, as well as “make $$$ working from home” messages. it has also been noted by Symantec that these work from home scams can often be vehicles for receiving stolen goods or transferring money stolen from online banking.
Countries of spam origin
this section will discuss the top 10 countries of spam origin. this discussion is based on data gathered by customer installations of Symantec Brightmail AntiSpam. the data includes the originating server’s ip address, against which frequency statistics are compared. Each ip address is mapped to a specific country and charted over time. the nature of spam and its distribution on the internet presents challenges in identifying the location of people who are sending it because many spammers try to redirect attention away from their actual geographic location. in an attempt to bypass ip block lists, the spammers use trojans that relay email, which allow them to send spam from sites distinct from their physical location. to send large volumes of spam, spammers tend to take advantage of geographic areas with large networks of available broadband connections. As a result, the origin of spam tends to increase in countries that have more insecure broadband connections. these high-speed connections are often constantly connected to the internet. this allows spammers to send out high volumes of spam by zombie connections at any time of the day.
in 2009 the United States remained the top-ranked country for spam origin, accounting for 23 percent of all spam observed by Symantec (table 22). this is down six percentage points from 29 percent in 2008 and down considerably from 45 percent in 2007. the ranking of the United States is not surprising given that it has the second highest number of broadband users globally.202