Spam from Taiwan

TristanGrimaux writes "According to a recent study done by CipherTrust, two thirds of the world's spam is sent by Taiwan servers. The US follows with 24% and in a distant third is China with only 3% of the servers who actually sends the spam." The article cites easy access to broadband and lack of crackdown on offenders as the main contributing factors.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Whats specific about Taiwan?

[WinEveryGame]

So, what is so specific about Taiwan that causes this?

Availability of relatively cheaper computing power with good bandwidth?

Some legal stuff?

Availability of some skill set?

Re:Whats specific about Taiwan?

[Heir+Of+The+Mess]

Having been to Taiwan a fair bit I can think of some possibilities:-

Most people I know there earn about US$15k/yr, and upgrading the RAM in your Pentium3 machine and then the Hard Drive, and then the video card is sort of common practice. Forking out big $$ for Windows XP isn't real easy so a lot of people are running some SP1 version of Windows XP they bought for $1 off the street, and this version gets owned pretty fast, and can't be patched from windows update. So there are lots of bots.

Now 24Mbit internet access is like $5-$10 per month, so you can see there is quite a big engine there for generating spam.

The culture there is such that they love the latest thing, so I could imagine that there would also be a tendency for people to install software off the net that has malware in it as well.

Another thing I noticed is that your average grandmother there seems quite good at using a computer. So I could imagine that there might be more pensioner types sitting there doing some amount of spamming for a little bit of money.

Re:Whats specific about Taiwan?

[Yvanhoe]

Some legal stuff?

Maybe so. If you speak to a taiwanese official, you angry China, fearing that you might recognize Taiwan as a political entity different from mainland China. The political correctness wants that you complain at Beijing that the chinese province of Taiwan is sending a lot of spam. Of course they can't do anyhting about it but don't want you to meet the people in charge there.

I guess they have a lot of P2P there too...

I've done tests with HoneyBOT

[Spy+der+Mann]

http://www.atomicsoftwaresolutions.com/honeybot.ph p

With this software emulating an open SOCKS proxy, I've been able to detect several scans of port 1080, and then attempts to send e-mail to different servers around the world (i.e. Israel).

I don't remember if I got requests from Taiwan, but I did get them from South Korean IPs.

Re:I've done tests with HoneyBOT

[BrynM]

That's a cool project for a Windows honeypot. Thanks for the link. Outside of honeypots, I've been blanket filtering addresses from APNIC on my mail server for about a year now using some ideas I learned from this project (I filter at the mail request level rather than iptables). It's sad to filter an entire geographic region like that, but my users never talk to people from the Pacific Rim that I know of. My server (running XMail) is small, but my logs for the filtered emails constantly show the spam blocked exceeds the number of legit mails by a factor of four.

Since I started filtering, I've turned a couple of other admins onto the idea. I wonder if TW/KR will find themselves in some odd form of network segregation in the future as more people adopt the practice of filtering their IPs. That might push the authorities into a little more action.

Hmm...

[blank89]

Instead of figuring out where most of the spam comes from, they should figure out which geographic location churns out the most humorous spam. It could be a world wide competition.

Re:Survey Says?

[Short+Circuit]

As for following the money...I let the SEC do that. About once a week, I get a spam message pushing one stock or another. I forward them to enforcement (at) sec.gov. The message gets looked over by a lawyer.

I don't know that it does anything about the spam, but hopefully whoever paid for the message gets paid back.

Re:China has cheap broadband access

[Telvin_3d]

Heh, these days, everywhere except North America has cheap broadband. All the other governments see it as an important investment.

Re:Taiwan China ...

[kclittle]

Have you been under a rock since 1949? :)

They're part of China sort of (but not exactly) the way the South was part of the U.S. between 1861 and 1865, except the war to resolve the issue hasn't happened yet. Pray that it doesn't...

Re:China has cheap broadband access

[layer3switch]

France
*Total Population: 60,876,136
*Internet Users: 26,214,174

China
*Total Population: 1,313,973,713
*Internet Users: 111,000,000

I think, that number speaks for itself.

*ref. from CIA World Fact Book

China sending spam

[VincenzoRomano]

China with only 3% of the servers who actually sends the spam.

I was pretty sure that there was no way for China spammers to send email outside their borders!
And they don't need to. With their billion+ population, one fifth of the world can be reached without passing the invisible borders!

Overachievers

[Doc+Ruby]

Taiwan makes more than 66% of the notebooks on which we read that spam, so they're actually overperforming on the content:reader ratio. I wish they'd get more into eBooks.

Must not lose!

[Umbral+Blot]

Impossible! Go USA! Go USA! We can win the spam race!

Re:Taiwan China ...

[Zeebs]

Taiwan and China are actually both China. Taiwan is the Republic of China. While what most people(unless you happen to be from Taiwan) call China is of course the Democratic Peoples Republic of China. The DPRC does consider Taiwan a rouge province, while Taiwan doesn't consider that to be the case. As the other reply said, lets hope the war to resolve this doesn't happen any time soon.

Re:China has cheap broadband access

[_merlin]

Australia doesn't have cheap broadband. It's a rip-off here, just like in the US of A.

Re:Survey Says?

[Technician]

More like follow the offshore bank accounts, Grand Cayman Islands, etc.

I lived there. Internet access is expensive as it was a government protected monopoly. Check the rates. Cable and Wireless is the company. To visit, see www.candw.ky.

When they first put in internet, they got 2 satelite T1 links for the whole island. Little Cayman and Cayman Brac still did not have internet. They charged $0.25/minute for access on dial up.

Needless to say I didn't get internet until I returned to the states.

They have since gotten a Fiber Optic cable to Jamaca and they now offer DSL. They are running a promotion for $25/month for the first year. That is CI $ not USD. The price is close to US $30/month. Restrictions such as can't compete with the phone company by using VOIP is the norm.
The plan appears to be capped at 256K unless you upgrade to a faster plan. For example the 1024 plan is CI $74. The 512 plan is $59.

Cayman Islands is a nice place to go for diving and sun, but not for internet based business.

Re:Whats specific about Taiwan? -- Outsourcing!

[ahodgkinson]

So, what is so specific about Taiwan that causes this?
Availability of relatively cheaper computing power with good bandwidth?
Some legal stuff?
Availability of some skill set?

All of the above, and more. Taiwan is a great place to outsource technology intensive operations. Perhaps spammers have discovered this. In a nutshell, spamming is just another technology driven business.

Maybe it's so great that even China outsources their spam generation there too. Hence their low spam generation figures.

Re:Taiwan China ...

[kclittle]

Well, we have shades of red and red here. :)

Does the People's Republic of China collect taxes in Taiwan? No, the Republic of China does.

Does the PRC actually try to enforce its criminal laws in Taiwan? No, but the ROC enforces its laws.

Does the PRC define the commerce regulations, health regulations, education standards, voting laws, aviation regulations, etc. within the borders of Taiwan? No -- but the ROC does.

Does the PRC have military bases on Taiwan? No ... but the ROC does!

What the U.N., U.S. and Europe say in polite diplo-speak is one thing. The working reality (and the *money* reality) is that Taiwan is a separate country, perhaps not in name, but in operational fact.

Re:Survey Says?

[Firehed]

You don't do the business itself from the Caymans, just your under-the-radar finances.

Hinet Lax Policies

[Spikeman56]

I believe the main issue is that broadband here is pretty much monopolized by Hinet. If you have a phone (landline), chances are you have a Hinet e-mail address. For some reason Hinet never, ever, authenticates their e-mail servers allowing them to be used from anywhere for any purpose. As a result a lot of companies (like AOL possibly) have just banned the whole entire Hinet domain, which often results in e-mails going outside of Taiwan never getting to their intended recipient. Hinet is a mess, I don't why they're so bloody awful at maintaining their servers responsibly, but its providing to be a huge problem both worldwide and for Taiwanese people themselves.

CipherTrust? nothx.

[deepb]

CipherTrust operates a service called "Trusted Source" - it allows anybody to input an IP address, searching CipherTrust's DB to see if any spam has come from that IP recently. Aside from being generally useless, here are some of the funnier results:

http://www.trustedsource.org/query.php?q=255.0.0.0 255.0.0.0 - "Spam"
http://www.trustedsource.org/query.php?q=0.0.0.0 0.0.0.0 - "Spam"
http://www.trustedsource.org/query.php?q=224.0.0.1 224.0.0.1 - "Unverified"

Since they have most of my favorite subnet masks listed as a "Spam" source, I'm not sure that I trust any "research" that comes from these guys.. YMMV.

Re:Survey Says?

[Mr+Z]

Ok, I know you're trying to be clever with your "Content Restriction, Annulment and Protection" acronym, but it doesn't make any sense. Why not just "Consumer Rights Annulment Provision"? Much less ambiguous, and much more direct.

That said... Yes. The Cayman Islands and a couple other small nations serve as fiduciary havens, not infrastructure.

--Joe

You can easily fight with spammers.

[Snipergrunge]

By the way... Most spammers who sent you letters to visit their web pages want's you to click their Google adSense ads. So, help them! Keep clicking Google banner untill your arm get tired and guess what happened. Google will close their account in one second because Google systems will decide that advertiser trying to cheat. It is impossible to open account again! SPAMMER DEAD!

Re:CipherTrust? nothx.

[someone1234]

If a mailer manages to supply those crippled IP's then the mail is definitely fake, and most likely spam (or virus). Don't confuse a legitimate subnet mask with a fake IP.

Re:Survey Says?

[ciscoguy01]

Let the SEC do it.

The SEC. Ha. A worthless three letter agency, if you ask me.
The SEC's lawyers wanted my help on stock tout junk faxes. I told them I had the information they wanted and I could get the rest and testify- but only if they were going to put the junk faxers out of business. They had no intention of doing anything. They are just going through the motions, drawing government salaries. I declined to help them.

Like the FCC, another worthless three letter agency.
They fined Fax.com $5.4 million for sending out junk faxes. The FCC's lawyers wanted my help too, if I had bothered with them the fine would have been $240 million. I have files full of those junk faxes.
The FCC did nothing whatsoever to collect. NOTHING
If you or I owed the government money I can assure you they would be collecting from us.

Where's Nigeria?

[RetroRichie]

Prince Desmond Okotiebor Etete himself MUST account for at least 10% of all spam...

Tie One On

[tiktok]

Somedays I almost wish that some of this Taiwanese spam showed up in a character set I could read so at least I could have a good laugh at it, or at least learn how they are trying to extract money from illicit private bank accounts!

"Dear Sir or Madam,

This email may to you as a surprise, but I am Mr. Chen Liao, son of former Taiwanese president Lin Liao, who was murdered by ninjas, and I need your help recovering $25 million Taiwanese Dollars..."

Re:Taiwan China ...

[Beryllium+Sphere(tm)]

>does consider Taiwan a rouge province

So Taiwan is actually Red China?

(I apologize. I transpose keys too. But that one was just irresistible.)

SPAM origins

[__aanonl8035]

I run my own mail server for my private email that I only use with friends.
Lately, I have been getting spam about stock investments, and I notice that
it was pretty consistent so I started investigating what was going on with
my server. I started marking down ip addresses of the offending servers
and blocking them if I felt they were not legitimate mail servers or if it
was from a country that I know I will not get email from on my personal email
account.

I have been blocking a new server every day for 2 months.

Here is the scarey part. I still get the same email spam every day, but
only once.

My hunch is telling me that the purveyor of this message is using some
sophisticated means of harnassing zombie machines to send messages, and is
only sending a few messages at a time so that automated blackhole lists
never catch on fast enough. (such as spamhaus)

I have noticed that these machines are almost always located in Asia,
Latin America, or Eastern Europe...

It got so bad, I just started block entire class A's from countries I know
I am not going to email to or from.

59
61
80
81
83
84
85
87
88
201
211
218
221
222

Re:SPAM origins

[the+packrat]

My hunch is telling me that the purveyor of this message is using some sophisticated means of harnassing zombie machines to send messages, and is only sending a few messages at a time so that automated blackhole lists never catch on fast enough. (such as spamhaus)

It's not a 'hunch'. I try to stop spam coming from a large devolved university network with a great number of varyingly maintained windows boxes and many different mail servers. A little over a year ago, spam zombie machines stopped flooding tens of thousands of messages an hour and started leaking out a handful every now and then. A few months later, the email-borne virus folks caught up.

It makes them a lot harder to spot.

For what it's worth, blacklists are effectively useless. Almost all spam now comes from poorly secured workstations and personal machines attached to ISPs and other organisations. All you're going to do with a blacklist is irritate organisations who have users with poorly configured machines. This includes practically everyone. The spammers are just going to move on to another part of their massive botnet, only legitimate email will be blocked.

Likewise, your blocking of entire class A-sized-blocks, particularly as with tight IP space, a lot of blocks are being broken up and moved round, is pretty pointless. Reminds me of a post some years ago by someone who claimed you could stop lots of spam for no loss by blocking mail from all TLDs other than .edu, .gov, .edu, and .net. Ho ho ho. B>

Re:SPAM origins

[Haeleth]

It got so bad, I just started block entire class A's from countries I know
I am not going to email to or from.
[...]
81

I think you have a fundamental misunderstanding of the IP allocation system. Class A networks are not associated with single countries, but with registries. 81, for example, is one of the networks administered by the RIPE NCC; an IP address beginning with 81 could be located anywhere within Europe or the Middle East.

In fact, my very own IP address begins with 81. I live in Britain, which - as you may be aware - is not in "Asia,
Latin America, or Eastern Europe". It's a good thing I don't want to email you, isn't it?

Time for a history lesson?

[l-ascorbic]

After WW2 and the end of the Japanese occupation, a civil war was fought between the Communists under Mao and the KMT under Chiang Kai-shek. The KMT were effectively defeated by 1949, and Chiang evacuated to Taiwan. For much of the Cold War, "Free China" (ROC) was the only government of China recognised by most states and international organisations. However, as part of the 'detente' in the 1970s, most countries switched their recognition to Communist China (PRC). The ROC is obviously a state in all but name, but the situation is maintained to avoid nuclear war. The PRC has said that if the ROC declares independence then they will invade, while the US has stated that it will defend Taiwan, and has meanwhile provided large amounts of military aid. So, basically, it's a mess.

Spam solutions

[Antony-Kyre]

I'm not really sure how to deal with that, but let us focus as one method of spam. The method would be sending to a variety of e-mail addresses. Those kind of dictionary attacks or whatever they are killed. If e-mail providers were to make some dummy addresses which if hit, could block the e-mail server and/or IP address(es) for a given period of time, wouldn't that work?

(Fine, mod me down if you think this is off topic.)

Re:Spam solutions

[pe1chl]

Although there are some dictionary-like attacks, for example appending some characters to an existing address or subsitituting one or more characters by others, I think the vast majority of spammers just use existing addresses they get from spidering the web.
When an address appears somewhere on the web, especially in discussion forums, guestbooks, and foremost: IANA listings, it is guaranteed to receive spam.

I think the "dictionary attack" story is mostly folklore. When someone receives spam on a never-used never-published address they often cry "dictionary attack" without further research.

Of course, using spamtraps is a known technique. It may work a little, but there is not much you can block as there are so many addresses in use that blocking one is bringing you almost nothing.

Re:Spam solutions

[grogglefroth]

I've done this in the past. In 1997, I posted a single message containing only ":q" in the body to 19 (not 20!) newsgroups. Within a few hours, the first spam started rolling in. My smtp filter would automaticallly blacklist any sender+ip combo that sent mail to this bait address. This was very very effective for many years. A few years ago, I finally stopped using this method, as the use of using zombies made this practice no longer effective.

Greylisting is currently the most effective means I'm using right now for spam control; but I'm sure that'll change over the next few years too.

Re:Spam solutions

[mcguire]

I have a catch-all address at my personal domain so I can create one-time addresses for each company I do business with. It's easy to see which addresses leak out that way. Three things I've found:

A surprising number of addresses are taken from private "we will never sell your information" lists (never published anywhere on the interweb). The companies I have contacted about this have always refused to believe that their email lists are involved; perhaps stolen by an ex-employee? I'm not sure.

Second, much of my "spam" (50%?) is actually bounces where my domain was used as the From: header in the email. Luckily this is easy to detect and delete automatically. (Procmail's ^FROM_MAILER contruct is quite nice.)

Third, by now most of the other half of my daily spam is to email addresses at my domain that I have NEVER used -- they're made up. I can only assume that some spammer is indeed trying all the common names at a domain in the hopes of getting through. Luckily procmail and SpamAssassin block all that, but I can guarantee to you that it's happening. If it's not a "dictionary attack", what would you call it?

misinformation

[lxt518052]

There isn't a country in this world called Democratic Peoples Republic of China. The 1.3 billion population live in a country called PRC(People's Republic of China).

ROC used to rule the whole China, mainland and Taiwan combined. They lost the civil war in 1949 and retreated to Taiwan. Neither PRC nor ROC see each other as a ligitimate government of China. At least both constitutions claim largely overlapping territories. It's a stalemale over half a century.

How people are so casual about the facts is beyond me.

Made in Taiwan

[Joebert]

Spam, Made In Taiwan ?
Why doesn't that supprise me ?

Re:Survey Says?

[nettdata]

Except it's hardly ever the company itself that is doing the promotions... it's third-party people that target them and convince others, via spam, to invest in the company, which drives the prices up, which allows them to unload their own stock at a profit.

All while being 100% unrelated to the company.

Another way to create awareness among chinese

[himanshuarora]

Send spam to Chinese people. These people should not be deprived of any knowledge about their government. For the first time spam could be used for good purpose.

How to block Taiwan?

[Yez70]

Ok, so how come all the spam blockers don't just block the entire Taiwanese IP range?

Anyone care to disclose the ranges? :)

You forgot the legal reality

[lxt518052]

The two political bodies still don't see each other legally representing China. Territories in both constitutions overlap, if not identical. The citizens cannot travel to the opposite area by passport like most countries do. They need special arrangement. PRC issues Taiwanese Citizen Certificates to citizens from ROC. ROC issues Entry to Taiwan Certificates. These are the only legal travel documents if either people want to enter the other side. Note, the travel document issued by ROC is not called Entry to ROC Certificate, because mainland is legally also part of ROC. Taiwan, by ROC's own definition, is just the name of a region, not a country.

Legally, the civil war in the 40s has not finished yet. Neither side of the war has been eliminated. No treaty or cease-fire agreement was signed. Both sides just prefer not to fight for now.

This situation is very complicated. Indeed, it's getting more complicated as more political powers want to get involved in it. I think the best way to resolve it is to leave it to the Chinese people of both sides to sit down and talk. Any open foreign involvement and provocation from the Taiwan Independence side will risk a full-blown war in the region.

Re:China + China

[mlewan]

The article is not about senders of spam but of servers that control them. There is a huge difference.

Re:Uh, Taiwan IS CHINA !!

[iamplasma]

Welcome to 1999 !! Taiwan is SPECIAL, but it's still CHINA !!

No, that's Hong Kong that became part of China. Taiwan is that island off the coast that the Communists never captured in the civil war. For various political reasons it is rarely referred to as being a different country, but for all practical purposes it's a totally seperate country.

It all makes sense now!

[KefkaTheMad]

It's true! My fiance is from Taiwan, and she's always telling me that I need to 1NCREA5E MY P3RF0R|\/|ANCE 1N BEDD!!!!!

Re:What kind of a moron buy stock from spam?

[nettdata]

Huh? It doesn't take much to be able to buy stock online... hell, my MOTHER can do it with her online banking.

And who the hell would buy ANYTHING from spam? Oh yeah... lots of idiots. Same goes for Nigerian scams, etc.

It's just a different product, with next to no money trail because you're only benefitting from the idiots pushing the price up.

And as to the stock scam, just what money do you follow? People are making legit purchases, of a legit stock. The only bitch is that someone OTHER than the company is marketing it to push the price up so that they can sell at a profit.