Spam, especially junk e-mails with malicious links or attachments, continues to be a huge IT headache. Spammers are also getting more creative in their attempts to find victims, utilizing popular sites such as Facebook and Twitter, according to a report from UK-based security firm Sophos this week.

The consultancy published its latest spam trend report and said new figures reveal that spam is still causing problems for computer users. In the fourth quarter of 2008, Sophos research found one in every 256 e-mails contained a dangerous attachment in October. In November, that figure improved to one in 384. December saw a huge decline: Just one in every 2000 e-mails contained a dangerous attachment. Graham Cluley, senior technology consultant at Sophos, said it is possible the drop-off may be related to the shutdown of McColo Corp., a Web-hosting firm that security experts believe was responsible for three-quarters of the world's spam.

"It's hard to say exactly what can be causing this," said Cluley. "Certainly that is possible."

Numbers for January have not been assessed yet and Cluley said it is too early to determine if the drop-off in spam levels has continued, or if spam is now back at levels seen in earlier months. What is clear, said Cluley, is that more spam is malicious in nature now and often designed to infect users' computers via sophisticated malware attachments or a link to malicious or infected websites, in order to steal sensitive information. Cluley also said social networking venues, such as Facebook and Twitter, are now the hot targets for spammers.

"Spammers really took to using sites like Facebook and Twitter as a vehicle for their spam antics during the last three months of 2008," he said. "Cybercriminals have cottoned onto the fact that social networking users can be more easily fooled into clicking on a link that appears to have come from a trusted Facebook friend, than if it arrived as an unsolicited email in their inbox. The notorious Nigerian 419 scammers have even evolved, masquerading as Facebook friends in order to trick unwary users into parting with valuable sensitive and financial information. Ultimately, while users are still falling for these scams, the fraudsters will continue. And while the authorities are making great progress, everyone must take steps to ensure they don't fall victim."

Death to Spam?

The report also referenced a 2004 prediction by Bill Gates that spam would be a thing of the past in 2 years.

"The rumors of spam's death have been greatly exaggerated over the years; the threat remains alive and kicking despite increased legal action against spammers, the occasional takedown of Internet companies which assist the cybercriminals, and constantly improving anti-spam software," said Cluley. "Many IT professionals cast doubt on Bill Gates' assertion back in 2004, deeming the timeframe of his pledge to be unrealistic. Although the latest stats show that the proportion of spam relayed per country may have decreased year-on-year, spammers have turned to more creative, not to mention devious, methods to ensure their messages reach as many unsuspecting computer users as possible."

And the Spam King Crown Goes to...

Between October and December 2008, the United States was responsible for most of the world's spam, according to Sophos. China was in the second spot and Russia was third. Sophos officials pointed to Canada, Japan and France as countries that have made progress in spam prevention. All three, considered "serial offenders" five years ago, are no longer present in the list of spam reprobates.

"Although there's no denying that some countries have significantly reduced their contribution to the spam epidemic over the past five years, the United States still holds the crown," said Cluley. "Though its spam contribution has significantly decreased since Bill Gates' proclamation, falling from almost half of all spam relayed at the end of 2004, to 21.3 percent by the end of 2007, and now resting at 19.8 percent, this shows there's certainly no quick fix."

This story, "Study: Spam Is Getting More Malicious" was originally published by CSO.