The Geography of Spam
Thought folks might find this blurb from Sophos on the geography of Spam interesting. 30% of Spam, they report, comes from hijacked PC's. Matches pretty close to what we see across our network - i.e. all sorts of stuff from swbell.net
o U.S. Routes More Spam than World Combined, Study Shows
Paris -- Intentionally or not, the U.S. routes more spam e-mail traffic than the rest of the world combined, according to a new study by anti-virus firm Sophos. The study concludes that most of the unsolicited junk e-mails originate in Russia and then pass through hacked computers in the U.S. "More than 30% of the world's spam is sent from these compromised computers, underlining the need for a coordinated approach to spam and viruses," said Charles Cousins, Sophos' Asia managing director. The U.S. accounts for a whopping 56% of the global spam pie, followed by Canada with 6.8%. Europe did not fare very well in the report either, with the Netherlands (5th), Germany (7th), France (8th), the U.K. (9th) and Spain (12th) all making the list.
http://www.sophos.com/spaminfo/articles/dirtydozen.html
On Tuesday, March 02, 2004 11:11 AM [EST], sgorman1@gmu.edu <sgorman1@gmu.edu> wrote:
Thought folks might find this blurb from Sophos on the geography of Spam interesting. 30% of Spam, they report, comes from hijacked PC's. Matches pretty close to what we see across our network - i.e. all sorts of stuff from swbell.net
o U.S. Routes More Spam than World Combined, Study Shows
Paris -- Intentionally or not, the U.S. routes more spam e-mail traffic than the rest of the world combined, according to a new study by anti-virus firm Sophos. The study concludes that most of the unsolicited junk e-mails originate in Russia and then pass through hacked computers in the U.S. "More than 30% of the world's spam is sent from these compromised computers, underlining the need for a coordinated approach to spam and viruses," said Charles Cousins, Sophos' Asia managing director. The U.S. accounts for a whopping 56% of the global spam pie, followed by Canada with 6.8%. Europe did not fare very well in the report either, with the Netherlands (5th), Germany (7th), France (8th), the U.K. (9th) and Spain (12th) all making the list.
http://www.sophos.com/spaminfo/articles/dirtydozen.html
I guess I can say that I can somewhat agree with what they are saying, but the percentage seems to be a bit lower than what I would have said. With the recent round of viruses that seem to be designed to help spammers hijack end user machines, I'd say the percentage is more towards 45-50%. Sometimes it's very hard to tell the difference between an open proxy and a drone running an open proxy (take the AHBL's proxy list, which is over 410,000 proxies listed, and our infected/hijacked machine count comes nowhere near that).
Part of the reason why a lot of the spam comes from outside of the US is because US spammers need to hide their actual locations in order to avoid getting snared by CAN-SPAM and similar. This is why Ralsky bases his spamming campaigns out of China, where the laws are more relaxed in terms of this stuff, and is less likely to get yanked off of his net connection. This is also why spammers have 'fronts'. :-)
--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The Abusive Hosts Blocking List
http://www.ahbl.org
[snip]
Somehow it seems like when you take into account the number of PCs on high speed connections, these numbers make a lot of sense. The US has a large population of these PCs so yeah, duh, the US leads in compromised hosts.
IMO, what would be a really useful "report" or "study" is to expose the companies that are actually making money from "spam" advertising. If it didn't work, these companies would hire firms to spam. Follow the money. Where does it go? How can legal avenues be used to make spam as expensive as direct mail or telemarketing? (lawsuits, criminal prosecution, ?)
IMO
Michael (speaking only for myself, ignore my @domain)
On 2 Mar 2004, at 15:57, Michael Airhart wrote:
[snip]
Somehow it seems like when you take into account the number of PCs on high speed connections, these numbers make a lot of sense. The US has a large population of these PCs so yeah, duh, the US leads in compromised hosts.
Well, the report "Broadband Internet Access in OECD Countries" shows that in 2002 only 36% of all broadband internet users were in the US. That's a greater proportion than any other single country, but according to that report most broadband subscribers are not in the US.
http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-239660A2.pdf
The quoted report said "the U.S. routes more spam e-mail traffic than the rest of the world combined", not "... than any other single country". So it appears there might be other forces at work than simply "more broadband users".
Joe
On 2 Mar 2004, at 15:57, Michael Airhart wrote:
Somehow it seems like when you take into account the number of PCs on high speed connections, these numbers make a lot of sense. The US has a large population of these PCs so yeah, duh, the US leads in compromised hosts.
Well, the report "Broadband Internet Access in OECD Countries" shows that in 2002 only 36% of all broadband internet users were in the US. That's a greater proportion than any other single country, but according to that report most broadband subscribers are not in the US.
Correct, so spam sources outside US will continue to increase.
The quoted report said "the U.S. routes more spam e-mail traffic than the rest of the world combined", not "... than any other single country".
Also correct. My own sources (including @sophos) actually tell me the report of 30% from zombies is an understatement, it's likely to be over 50% now and still growing - typical setup for spammer (who is actually quite likely to be from US) involves getting dedicated server offshore, such as China, Korea, Russia, Brazil; then getting/buying initial set of zombies where some are thereafter used to scan for vulnerable hosts and infect them and most are set up to spew (or act as proxy for their offshore server that actually does the sending of) spam.
So it appears there might be other forces at work than simply "more broadband users".
There are still some spammers sending directly (that are trying to operate within the law, provide postal opt-out - usually in Florida, etc).
Additional reasons for higher percentage in US that I can think of:
1. Number of IPs assigned to US is quite a bit higher in percentage to what is assigned to rest of the world. If somebody is scanning to find vulnerable hosts from entire net, their chance of finding US IP is quite high.
2. In US every DSL line would have its own IP, sometimes more than one, but in foreign countries, availability of IPs to ISPs is still smaller than in US and some still use NAT and other means.
3. Outside US fewer people (as percentage of total population in some country) have access to broadband and as such those who do are more advanced in their computer skills and better educated (and know not to open attachments from unknown sources), whereas in US number of "dumb" users is higher just because the broadband has penetrated population en masse.
4. Some countries with high number of broadband users (such as Korea) are bad as source for email spam because of previous experience of them not dealing quickly with abuse reports - those countries are simply blocked.
5. Because most targets for spammers are in US, if spammer has choice between US and foreign proxies some may choose US because it will work better (some others may on the other hand choose offshore as it's less likely to be traced to him, but usually with server already offshore they don't care that much).
There are probably other reasons I could not immediately think of, but as broadband penetration boom in US slows down and in other countries it's just picking up, the percentage of spam from US zombies will slowly go down.
--
William Leibzon
Elan Networks
william@elan.net
participants (5)
- Brian Bruns
- Joe Abley
- Michael Airhart
- sgorman1@gmu.edu
- william(at)elan.net