I should add that I meant to say it matches the fact we get lots of spam from hijacked machines - not the 30% number. We have just been looking at a few machines, but would love to see or hear about anyone who has bigger datasets to work with.

----- Original Message -----
From: Brian Bruns <bruns@2mbit.com>
Date: Tuesday, March 2, 2004 11:23 am
Subject: Re: The Geography of Spam
On Tuesday, March 02, 2004 11:11 AM [EST], sgorman1@gmu.edu <sgorman1@gmu.edu> wrote:
Thought folks might find this blurb from Sophos on the geography of Spam interesting. 30% of Spam, they report, comes from hijacked PC's. Matches pretty close to what we see across our network - i.e. all sorts of stuff from swbell.net
o U.S. Routes More Spam than World Combined, Study Shows
Paris -- Intentionally or not, the U.S. routes more spam e-mail traffic than the rest of the world combined, according to a new study by anti-virus firm Sophos. The study concludes that most of the unsolicited junk e-mails originate in Russia and then pass through hacked computers in the U.S. "More than 30% of the world's spam is sent from these compromised computers, underlining the need for a coordinated approach to spam and viruses," said Charles Cousins, Sophos' Asia managing director. The U.S. accounts for a whopping 56% of the global spam pie, followed by Canada with 6.8%. Europe did not fare very well in the report either, with the Netherlands (5th), Germany (7th), France (8th), the U.K. (9th) and Spain (12th) all making the list.
http://www.sophos.com/spaminfo/articles/dirtydozen.html
I guess I can say, that I can somewhat agree with what they are saying, but the percentage seems to be a bit lower than what I would have said. With the recent round of viruses that seem to be designed to help spammers hijack end user machines, I'd say the percentage is more towards 45-50%. Sometimes it's very hard to tell the difference between an open proxy, and a drone running an open proxy (take the AHBL's proxy list, which is over 410,000 proxies listed, and our infected/hijacked machine count comes nowhere near that).
Part of the reason why a lot of the spam comes from outside of the US is because US spammers need to hide their actual locations in order to avoid getting snared by CAN-SPAM and similar. This is why Ralsky bases his spamming campaigns out of China, where the laws are more relaxed in terms of this stuff, and is less likely to get yanked off of his net connection. This is also why spammers have 'fronts'. :-)
--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The Abusive Hosts Blocking List http://www.ahbl.org