Saudi Arabia leads the region as a source of spam

Kaspersky Lab, the largest antivirus company in Europe, presents its spam report for the GCC in the third quarter of 2011. The results show that Saudi Arabia is a local leader as a source of spam.

It’s known that spam emails are distributed worldwide. Spam traffic differs from country to country depending on regional specifics. At the same time, there are some common themes and trends that feature in spam regardless of where it is sent or received in the world.

All the GCC countries combined account for only 1.33% of all global spam. The main reason that there are such low volumes of spam originating in the region is due to the relatively low number of users. It becomes even clearer when we look at the following diagram:

“The country with biggest population in the region, Saudi Arabia, is a local leader when it comes to sources of spam (0.69%). Even though Saudi Arabia is the most populated county in the Middle East region, its population can’t be compared with that of countries like India and Indonesia. That’s one of the reasons why the amount of spam even from this country is so low. The second reason is that users are careful about protecting their computers,” explains Maria Namestnikova, Senior Spam Analyst at Kaspersky Lab.

Egypt, Lebanon and Jordan as sources of spam

Once again the most populous country of these three is the biggest source of spam. The share of global spam originating from Egypt is 0.22%, whereas the share of spam originating from Lebanon is more than two times less – 0.09%; Jordan accounts for even less – 0.07%.

“These figures may appear to be unimpressive, but you need to keep in mind that the total amount of spam messages sent daily runs into the billions. So, even small figures such as 0.07% or 0.69% represent a huge amount of mail traffic – not thousands but millions of messages,” adds Maria Namestnikova.

Share of spam globally

The share of spam in mail traffic differs slightly from country to country. In the third quarter of 2011 the global average fell 2.7 percentage points compared to Q2 and averaged 79.8%.

Sources of spam globally

In Q3, more than 50% of all spam messages in the world originated from just six countries: India (14.8%), Indonesia (10.6%), Brazil (9.65%), Peru (6.65%), South Korea (5.85%) and Ukraine (3.7%).

All of the countries that make up the TOP 10 sources of spam are situated in South America, Asia and eastern Europe. This is due to the fact that there are numerous users in these countries and they are, for the most part, not very experienced when it comes to IT security. This makes them a soft target for cybercriminals spreading spam-bots.

Malicious attachments in mail traffic (World, GCC, Egypt, Lebanon and Jordan)

In Q3, malicious files were found in 5% of all email traffic. Country ratings based on the number of mail antivirus detections show that Russia was the leader, accounting for 9.78% of such detections; the US was rated second in Q3.

Our mail antivirus made about 1.32% of all global detections in the GCC region. Most of the detections we recorded were on the territory of Saudi Arabia and the UAE. The diagram below shows the breakdown for the countries in the region:

The share of Kaspersky mail antivirus detections in Q3 on the territory of Egypt was 0.26% of all detections in the world; on the territory of Jordan it was 0.24% and on the territory of Lebanon – 0.2%.

The top two most frequently detected malicious programs worldwide in Q3 came as no surprise:

Trojan-Spy.HTML.Fraud.gen – typically the number one troublemaker. This malicious program is actually an html page that copies the registration form of a financial organization. Use of this malware can easily be defined as phishing. Second place was taken by Email-Worm.Win32.Mydoom.m, the only mail worm to make the Q3 ratings. This particular threat really only has two functions: to harvest electronic addresses on infected machines and send itself to those addresses.

The third-most detected malicious program in email traffic in Q3 was Trojan.Win32.FraudST.atc. It’s a spam bot, distributing pharmaceutical spam.

The top 10 malicious programs spread via email in Q3 2011 in the GCC countries differs from those shown above.

It’s interesting that Trojan-Spy.HTML.Fraud.gen took only 10th place in the rating for this region. It means that users in the Middle East are targeted less by phishers than the average Internet user worldwide.

The two most detected malicious programs in this region are Worm.Win32.Mabezat.b and Email-Worm.Win32.Mydoom.m. Both of them are clearly not targeting anything particular, but just hop from one PC to another distributing themselves via all the emails they can find on an infected machine. It also shows that the region is not a favorite among cybercriminals.

The malicious program detected most often by mail antivirus in Egypt, Lebanon and Jordan in Q3 was Email-Worm.Win32.Mydoom.m.

Regional specifics

There are features of spam that are peculiar to the Middle East (as well as Egypt, Jordan and Lebanon) just like in all other regions of the world.

“First of all it’s a language thing. It’s not surprising that many messages sent to users in the Middle East region are in Arabic. At the same time, sending spam in Arabic to other regions is a waste of time. As a result, most Arabic spam messages are sent by local companies looking for customers in their region and advertising via spam. It doesn’t make these messages safe or ’good’ – they are, after all, spam,” warns Maria Namestnikova.

International spam advertising things like pharmaceuticals and fake designer goods is sent mostly in English – the relatively small number of users makes it unprofitable to translate all these messages into Arabic.

Of course, yet another factor is that of culture and religion. All local and Muslim events and holidays are used in regional spam messages. In August, for instance, we saw many messages connected with Ramadan.