On 2 Mar 2004, at 15:57, Michael Airhart wrote:
Somehow it seems like when you take into account the number of PCs on high speed connections, these numbers make a lot of sense. The US has a large population of these PCs so yeah, duh, the US leads in compromised hosts.
Well, the report "Broadband Internet Access in OECD Countries" shows that in 2002 only 36% of all broadband internet users were in the US. That's a greater proportion than any other single country, but according to that report most broadband subscribers are not in the US. Correct, so spamsources outside US will continue to increase.
The quoted report said "the U.S. routes more spam e-mail traffic than the rest of the world combined", not "... than any other single country". Also correct. My own source (including @sophos) actually tell me the report of 30% from zombies is understatement, its likely to be over 50% now and stil growing - typical setup for spammer (who is actually quite likely to be from US) involves getting dedicated server offhsore, such as china, korea, russia, brazil; then getting/buying initial set of zombies where some are thereafter used to scan for vulnerable hosts and infect them and most are setup to spew (or act as proxy for their offshore server that actually does the sending of) spam.
So it appears there might be other forces at work than simply "more broadband users". There are still some spammers sending directly (that are trying to operate within the law, provide postal opt-out - usually in Florida, etc).
Additionally reasons for highier percentage in US that I can think of: 1. Number of IPs assigned to US is quite a bit highier in percentage to what is assigned to rest of the world. If somebody is scanning fo find vulnerable hosts from entire net, their chance of finding US ip is quite high. 2. In US every DSL line would have its own ip, sometimes more then one but in foreign countries, availability of ips to ISPs is still smaller then in US and some still use NAT and other means 3. Outside US less number of people (as percentage of total population in some country) have access to broadband and as such those who do are more advanced in their computer skills and better educated (and know not to open attachments from unknown sources) where as in US number of "dumb" users is highier just because the broadband has penetrated population at-mass. 4. Some countries with high number of broadband users (such as Korea) are bad as source for email spam because of previous experience of them not dealing quickly with abuse reports - those countries are simply blocked. 5. Because most target for spammers are in US, if spammer has choice between US and foreign proxies some may choose US because it will work better (some other may on the other hand choose offshore as its less likely to be traced to him, but usually with server already offshore they don't care that much). There are probably other reasons I could not immediatly think of but as broadband penetration boom in US slows down and in other countries its just picking up, the percentage of spam from US zombies will slowly go down. -- William Leibzon Elan Networks william@elan.net