Where Does Spam Comes From? Top 5 Sources

With the emergence of email as a top contender for messaging, there cam the appearance of spam. No, not the canned meat variety - spam is like the junk mail that you receive in the mail box, just in an electronic form.

While email is still the primary source of spam, the growing usage of social networks and media is becoming a more popular form. Where exactly do these threats come from and who is responsible?

According to a report by Spamhaus, 80% of the spam that users receive are generated by a group of hardcore spammers from North America and Europe. This listing is ranked by those that are the greatest risk to computer users, as they not only send out spam, but other harmful Internet threats such as malware, botnets, and pharming scams.

The list below is from the recent entries in the Spamhaus' register of known spam operations (ROKSO) as of January 2011

Rank 1: Canadian Pharmacy

This gang uses botnets to send thousands of millions of spam per day with the help of its affiliates all around the world.

Rank 2: Rove Digital

Rove Digital is the name of a group that operates in the country of Estonia and are responsible for a number of botnets, pharming, malware, and other Internet dangers that face computer users

Rank 3: Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov

Massive botnet, child-porn spam ring, pharmacy and mortgage scam that originates in the Ukraine. Have been tied with fellow spammers Leo Kuvayev and Yambo Financials.

Rank 4: Vincent Chan / yoric.net

This Chinese spammer along with his brother runs several campaigns related to pharmacy, mortgages, ink cartridges, toner cartridges, watches and other OEM warez.

Rank 5: Peter Severa / Peter Levashov

A partner of Alan Ralsky and other spam gangs.

There are several different types of scams, such as phishing and malware ploys that get a user to reveal their personal information to someone pretending to another person, such as a banking or financial institution or that of a popular social media stie like Facebook.

Phishing & Malware

Phishing scams and malware are also a source of spam, as they will usually come in the form of an email or a link that is attached to an email. Phishing is the act of a hacker or individual using various means to get a computer user to reveal sensitive and personal information about themselves. These are usually in the form of an email from a reputable company, like a bank, eBay, Amazon, Facebook, etc asking that a user click a link in order to be taken to their account.

Malware is software that stops, interferes, alters, or harms your computer, often hiding or masquerading as a legitimate program. Both of these have grown in recent years.

As one would expect, one of the more popular sources of spam comes in the form of fake emails from a banking or financial institution. According to the September 2010 report done by SecureList (a subset of Kapersky), the free online financial website of Pay Pal was the number one target involved with phishing attacks.

The purpose of these attacks is to get actual members of a banking or financial institution to fill in their user and account information through the use of fake hyperlinks that are written within the email. Unfortunately, these types of spam mails are also targeted to those that are not as technically or computer savvy and therefore will follow the link and the instructions without being aware of the consequences.

The September report done by Securelist also listed two of the big social networks - Facebook and LinkedIn. Facebook spam threats accounted for 3.8% of attacks; LinkedIn endured a bad month in September when it become a target for a Trojan horse program known as Zeus. Users were sent emails stating that they had two unread messages within their inboxes, with a link supposedly to connect them to the inbox.

The link would download the Trojan horse onto the user's computer, while the links themselves lead to compromised websites.

The best way to prevent yourself from becoming a victim of these scams is to make sure that you are not giving away your personal information to an unknown person. Never click a link in an email unless you are sure that it is coming from a reputable institution; if you're unsure of the email or it asks you to send your information through email, open a new browser window or tab and go to that website's web address. A true and official company will never ask for your personal information through an email.

Also, be sure to have your computer's antivirus and anti-malware software up to date and that your passwords are complicated enough to never be guessed from a hacker, while being easy for you to remember. The suggestion is to never use the names of people you know, home addresses, birthdays, and other easily guessed ideas for your password.

Spamhaus

SecureList - Sept 2010 report

Image via Spamhaus, Facebook