Slashdot Mirror
Sophos Reveals Latest Spam-Relaying Countries
An anonymous reader writes "For the first time in more than two years, the United States has failed to make inroads into its spam-relaying problem. The U.S. remains stuck at the top of the chart and is the source of 23.2 percent of the world's spam. Its closest rivals are China and South Korea, although both of these nations have managed to reduce their statistics since Q1 2006. The vast majority of this spam is relayed by 'zombies,' also known as botnet computers."
I'm not sure why they divide by country. Are they implying that the laws and regulations of these companies should be stricter? Is this some sort of international contest to see who can restrict the rights of its internet users the fastest? The fact is that these nations are just relaying the spam. They might not be the origin of the spam so it's not like targeting a nationality will help.
Furthermore, these percentages don't appear to be normalized in any way. Does the United States contain more than 23% of the world's internet traffic? Probably. What about the sheer number of IPs assigned to citizens? Again, probably more than 23% of the world's total user population. Even if it isn't that high, it'd still show that countries like China are doing ok relative to the sheer number of users they have. I think this study only showed that spam is directly proportionate to internet usage. And nothing more.
Logically, you would divide by source or company or--better yet--ISP. I think the penalties should come from the companies that make money providing the internet service to the sources of the spam. Even if it's a bot or open relay for spam, the ISP should investigate it and shut it down. I honestly wouldn't be surprised to see Cox & Comcast show up on that list as they are so unbelievably careless.
I think laws against the internet service providers are in order to force this but it's difficult to track. That's why Sophos should publish names of internet service providers and drag them through the mud, I don't care about countries. And how about making the penalty for the ISP a bit tougher as in you get one warning about a particular user and then you're restricted from providing internet service?
In the end, you have to ask yourself--do we really want to make this a responsibility of all governments? I think the answer is 'no' considering that they can always just open up some operation in another nation and find an ISP dying for cash. Then you have to chase them there.
My work here is dung.
"Follow the money"
What's so hard here? The US has pushed for having banks and financial service companies to be more open with governments on who is doing what with transactions.
There's always the content, too. Just look in the emails and they have telephone numbers, web sites, the various means of seeing what these scumbags have to offer and how to contact them.
Educating the public is failing. Why? How many public service ads have you seen advising people how to protect themselves from being scammed, preventing identity theft, etc.? I've seen none. I see private ads OF the voice overs of the big dude with the girl's voice, where his identity has been stolen, I think it was for a paper shreader of all things.
Sophos must be with the terrorists as they are not proclaiming victory in the war on terror. Enough has been made of the suspicion (has anything been proved?) that terrorists raise funds this way. I wouldn't put it past them, but I also wouldn't put it past some russian teenagers with limited career potential in Putin's New And Improved USSR.
A feeling of having made the same mistake before: Deja Foobar
No wonder the tubes are jammed.
For the lack of a better sig.
... if you just opened up port 25 on EVERY machine and put some dummy SMTP recieve code behind it that did nothing else other than accept mail and then discard it, could we make it 500 million times harded for spammers to find an active and working open relay?
As impractical as it might be, I, being a software developer think the best way to go about removing this crap isn't on the receiving end. It won't be fixed by filters. It won't be fixed by blockers. The way to fix it is through putting some sort of tax, fee, whatever you might have it, on email getting sent.
Before you flip out and throw the "OMGOOSES MY FREEDOM" argument around, answer me this:
If you were being sent text messages to your cellphone, and being charged ten cents per text message, how long would you tolerate that?
The reason nothing is being done to combat this is due to the fact that when people spend hours cleaning off spam, they aren't even thinkinga bout the "Time = Money" equation. If they were, I think they'd be pretty hot about getting the senders punished.
My experience is that around 60-75% of the spam I receive comes from China. On my home mail server I finally broke down and started blocking the worst offending subnets and the amount of spam I received dropped dramatically. There is a RBL for China, cn.blackhole.us, or a combination of China and Korea (cn-kr.blackhole.us), though these are no longer listed and will likely disappear soon.
? country=$ctry`;
print join "\n", /([0-9\.]+\/[0-9]+)/g;
I also use several other RBLs which have helped a lot.
I also decided to add the worst offending subnets in China as rules for my firewall to block. The worst offending subnet is 221.208.208.x where my firewall reports an almost constant barrage of IM spam, and from what I've read, this subnet has been a problem for years.
For your own blocking, the following script will get all the subnets used by China (or any other country you're interested in, just change $ctry):
#!/usr/bin/perl $ctry = shift || 'cn'; $_ = `wget -O - http://www.apnic.net/apnic-bin/ipv4-by-country.pl
At work, where I cannot do this, most of my spam is also received from China.
Out of the rest of the spam I receive, the US is actually pretty far down on the list of sources, though still much higher than places like the UK, Germany or France. The rest seems to come from places like Poland, Romania and Estonia.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
It already exists, its called an SPF record. Its been around for years now and 95% of domains don't have one.
There is also nothing stopping the spammers from using SPF, and they do. In fact, in many surveys the spammers are registering domains and using SPF *more* than legitimate users are. SPF does mitigate some spoofing issues, but that's about it.
On its own its proven worthless. As part of more cohesive anti-spam strategy it might prove to have some value.
Alternatively, if the spammer/zombie computer has port 25 open itself, have a netfilter rule that rewrites the destination address to that of the sender, increases the TTL, and sends the packets back in duplicate. Again, this is a resource-draining scheme. If it's an open relay, it'll get the spam and resend it. I believe the hop count for SMTP is something like 30 and each packet will go two ways along the wire, so it'll take 2^31 as much bandwidth overall, if a sufficiently large number of users set up this kind of loopback. Companies that simply don't care if their machines are zombies will suddenly notice a degradation of their networks but any packet monitoring they do will show all of the packets to have the IP addresses of their machines for both source and destination. At least some will zombie detox to save their sanity.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I see this illistrated every time I listen to the podcast of Leo Laporte's KFI radio show. Every show he has at least one call about spyware where he tells people the exact same things: Get a router, run spybot, adaware, windows defender. The people seem so clueless when he tells them that. I can understand that people aren't experts on things, but it is litterally the same advice every week. Weren't these people listening last week? If they've never listened before, then how did they know about the show in the first place? It just baffles me. Whether or not you think that is the best advice, I just don't understand how these people haven't heard it before.
http://www.popularculturegaming.com -- my blog about the culture of videogame players
I see a number of people asking the question "But how many computers are there per country?" I found the numbers at:
http://www.c-i-a.com/pr0904.htm
Here's what they show. I've added the % of spam coming from each country as the last entry in each line:
Top 15 Countries in Internet Usage
Internet Users (#X1000) Users% Spam%
1. U.S. 185,550 19.86 23.2% of spam
2. China 99,800 10.68 20.0%
3. Japan 78,050 8.35 1.6%
4. Germany 41,880 4.48 2.5%
5. India 36,970 3.96 N/A
6. UK 33,110 3.54 1.8%
7. South Korea 31,670 3.39 7.5%
8. Italy 25,530 2.73 3.0%
9. France 25,470 2.73 5.2%
10. Brazil 22,320 2.39 3.1%
11. Russia 21,230 2.27 N/A
12. Canada 20,450 2.19 N/A
13. Mexico 13,880 1.49 N/A
14. Spain 13,440 1.44 4.8%
15. Australia 13,010 1.39 N/A
Top 15 Countries 662,360 70.88
Worldwide Total 934,480 100
It looks like the USA's numbers are right about on track with most other countries with China way out in front as to percent of the spam problem compared to percent of Internet connected computers. What's this? France has twice the percent of spams relaying through their country compared to the percent of Internet users? For shame!
But why is the rum gone?
Who says it has to be one or the other?
Your mom probably doesn't need to run an email server. Neither does 99% of other ISP users. The far less than 1% (of which I'm included) that need specific ports opened up can do so by working with the ISP.
That would eliminate 99% of zombie spam right off the bat, without significantly affecting anyone. It may take you 5 minutes on the phone with tech support, but it closes a HUGE whole that is actively exploited by the spammers.
Bye-bye spam. It also takes a way a LOT of the motivation for creating zombie machines, so bye-bye much of the spyware and viruses (not all, but probably a noticeable amount).
So we aren't sacrificing freedom for security. We're tolerating a 5 minute phone call for 1% of users so that everyone can enjoy the internet far, far more.
Well worth it, if you ask me. Absolutely nothing is lost. A whole lot is gained.
Lose Weight and Feel Great with Isagenix
The internet is very analogous to the highway system in most countries. Commercial drivers create increased risk to all drivers on the road, and thus require training and registration for the safety and benefit of everyone involved, including each other.
The commercial drivers could (and may) complain that it's unfair that they have to go through the hassle of getting licensed and registered, after all, each thinks he is a perfect driver and poses no risk whatsoever. But I think most people would agree regulation of commercial drivers is a good thing and everyone benefits.
Likewise, those (myself included) wanting to do more than normal with the information super highway would likely complain if we had to take an extra step before being able to do what we want on the internet, such as running a web server or email server. But again, I think the benefits outweight the inconvenience 100 times over. I could call my ISP and be added to their open ports list in 5 minutes (ONCE), but I easily spend 10 minutes A DAY on spam, and often more.
Mind you, this is only on dial up and broadband accounts. Most T1 lines, etc, used for business wouldn't need this requirement as they already have administrators that keep things secure and zombies to a minimum, and RBL's already deal with most of the rest.
Lose Weight and Feel Great with Isagenix