The level of malicious activity on the internet and spam occurring in India will only increase as its broadband infrastructure and user base grow.
A new report by security firm Sophos suggests that “...a new dirty ‘gang of four’ — South Korea, Brazil, India and their ringleader USA — account for over 30 per cent of all the spam relayed by hacked computers around the globe” (See table).
However, China — often blamed for cybercrime by other countries — has completely disappeared from the “dirty dozen”. It is ranked 15th, responsible for relaying just 1.9 per cent of the world's spam. “...At least in the last 12 months, the proportion of spam relayed by their computers has steadily reduced,” said Graham Cluley, senior technology consultant at Sophos.
Spam, notes Sophos, accounts for a staggering 97 per cent of all email received by business email servers, putting both a strain on resources and wasting a huge amount of time and productivity. Used largely as a method for selling counterfeit or illicit goods such as fake pharmaceuticals, luxury watches and false diplomas, virtually all spam comes from malware-infected computers (called bots or zombies) that are controlled by cybercriminals.
The numbers are only set to grow as broadband usage increase. At last count, India has over 8.75 million broadband users. Moreover, government crackdowns in developed countries have led cybercriminals to launch their attacks from the developing world where laws are not that stringent.
The findings of other security firms are no different. In 2009, spam made up 88 per cent of all email observed by Symantec, with a high of 90.4 per cent in May and a low of 73.7 per cent in February. Of the 107 billion spam messages distributed globally per day on average, 85 per cent were from botnets. Another internet content security firm, Trend Micro, recently released a report that exposed the presence of 25,000 Indian email addresses and passwords on different hacker forums.
Spam can be an innocent nuisance. But many a times, it can (and does) lead to cybercrimes like phishing, etc. For instance, according to Symantec, India experienced a surge in malicious activity in 2009 – moving from 11th for overall malicious activity in 2008 to fifth in this period. In 2009, India accounted for 15 per cent of all malicious activity in the Asia-Pacific and Japan (APJ) region, up from 10 per cent in 2008. For specific categories of measurement in the APJ region, India increased its rank in malicious code, spam zombies and phishing hosts from 2008. Its high ranking in spam zombies also contributed to India being the third-highest country of spam origin globally.
Meanwhile, cybercrime attack toolkits have lowered the bar to entry for new cybercriminals, making it easy for unskilled attackers to compromise computers and steal information. One such toolkit called Zeus (Zbot), which can be purchased for as little as $700, for instance, automates the process of creating customised malware capable of stealing personal information.
Attackers are also leveraging social engineering techniques to lure unsuspecting users to malicious websites, according to Symantec. In particular, 2009 saw a dramatic growth in the number of web-based attacks targeted at PDF viewers.
“Computer users should not just protect their computers from threats like malware and spam, they should also pledge to never ever buy anything advertised via spam,” said Cluley.
