Slashdot Mirror
US and China Top List of Spam-Relaying Countries
jcatcw writes "On Thursday Sophos released a new set of global statistics pointing out the biggest spam relaying countries in the world. Toping the list between April and June of this year were the US and China. 'Sophos senior security consultant Carole Theriault said that while the U.S. remains the top spam dog, there results show an urgent need for countries to join together and take global action. "Once a machine is compromised, it is often used to send out spam for a variety of campaigns," she said. "In a matter of seconds, we can see compromised systems send messages on a dozen different topics from stock scams to diet drugs." Paul Ducklin, Sophos Asia Pacific head of technology, said that spammers are ready to "borrow" any computer illegally to send e-mail regardless of the location.'"
Too bad that "Great Firewall" doesn't work both ways. Shame, really.
Always going forward, 'cause we can't find reverse.
If you want to count the EU as one country(which the EU seems to want to do for things that benefit it, but seem wont to do when the statistics are less than flattering) Europe reigns supreme:
Europe now has six entries in the Dirty Dozen, which when combined, account for even more spam-relaying than the U.S.
Monstar L
U.S. and China being first is no surprise because you expect spam levels to match the Gross National Product of countries. If you divide by the GNP then South Korea and Poland are the ones that stand out.
Of course they're high in the list of spam relaying countries. They are on the butt end of a lot of spam.
It's because the people in countries sending the spam know who the real ousted prince of Nigeria is.
"Live as if you'll die tomorrow." Ridiculous. You could die later today.
From the article, it seems the list looks like this: (The article didn't bother to include an actual, readable list)
1 U.S. 19.6%
1 China 19.6%
3 South-Korea 6.5%
4 Poland 4.8%
5 Germany 4.2%
6 Brazil 4.1%
7 France 3.3%
8 Russia 3.1%
9 Turkey 2.9%
10 U.K. 2.8%
11 Italy 2.8%
12 India 2.5%
(others) 23.8%
The article states that the US and China have the exact same percentage, even though their numbers suggest that they measured in tens of percents. Isn't that a bit too much of a coincidence?
Also, they mention Europe tops the list if seperate countries are lumped together; however, if I collapse the 5 (not 6) E.U. members I get this list:
1 U.S. 19.6%
1 China 19.6%
3 E.U. 17.9%
4 South-Korea 6.5%
5 Brazil 4.1%
6 Russia 3.1%
7 Turkey 2.9%
8 India 2.5%
So I wonder what country they added to Europe; Russia? Or maybe Turkey?
.... to PCs on broadband connections, is it any surprise that the countries with the widest deployment of consumer broadband will be the source of most spam?
To get the mass public to be diligent about keeping there computeres zombie free, we need both positive and negitive encouragement. Negative: First a notice, then a fine for "pollution/disruption" of a public space, the internet. Positive: a government site with all the free blockers/cleaners/tools you need to keep your computer malware free.
Both would be needed because the free tools are already out there, but they aren't being used by enough people because they don't care to expend the effort to be a good net citizen. On the other hand it would be wrong to fine people if you don't supply a way for them to correct their problem.
We are all just people.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Seriously, all this says is that in the US and China, there lies the highest number of ignorant computer users. Not on a per-capita basis, just total. Yet another example of how statistics can lie and harry dies make things sound like whatever the author wants. Seriously if this isn't tagged 'slownewsday' within the first 30 minutes, it should be.
thanks for the spam microsoft
But you don't understand. In America, we're free to send spam. In China, they send spam because their government is evil.
the countries with the most bandwidth available to the general population, and which also have the greatest number of Windows installations and open mail relays, also produce the most spam. Hardly a surprising conclusion.
The higher the technology, the sharper that two-edged sword.
The U.S. is on top because of all the spambots ever since we let the unwashed come and play on the net. I can't tell you how many people I come across that have broadband connections and NO firewall or AV software whatsoever. They're all aghast when I explain what can happen when they don't have those things.
Whats really scary is that companies like Verizon and Cox send out wireless gear UNSECURED and with no instructions, or at least clear instructions on how to secure the network.
But in the case of China, it's government sponsored. So there is a big difference. In every case that I've gotten Chinese spam it's from one of the ISP's mail servers there.
Yeah! We're still #1 in SPAM relaying!
How do we rank in:
1. freedom of press
2. quality of journalism (ratio of quantifiable facts vs propaganda)
3. K-12 education
4. healthcare and life expectancy
5. government oversight and accountability
6. nonfiction national security (e.g., preventing unauthorized access across our borders)
Any ideas?
this is a problem that needs to be stopped at the source. Where do the spammers themselves come from, and who do they work for? Ultimately, they're all vulnerable. Stock spammers can be handed to the SEC (FTC?), pill spammers can get their drug supply cut off (find out which pharma company supplies the spam company, and negative publicity should do the rest). If that fails, there's always the 'sign the spammer up for tons of snail mail spam' trick.
As a mail provider I wouldn't be surprised that the US and china were the source of a significant chunk of spam. They (the US especially) have a LOT of email users. What I'm interested is the ratio of good email to spam email. For instance, if the US makes up for 90% of all email sent, then is it really that bad if it makes up 25% of the world's spam? On the other hand Mexico may make up 1% of the world's email, but 90% of the email coming from there could be spam.
The volume of spam should be taking in the context of the usage of email. The RATIO of legit emails to spam is a better indicator of where the spammers are coming from than volume alone
- Tempestdata
Windows!
Isn't it time that the world get tough, fine Microsoft $100 or so per incident and collapse all of Gate's charities while there at it? Just keeping Windows off the Internet would serve the same purpose, but destroying the cause would make people think twice about putting computers in the hands of complete idiots.
Does anybody know what this thing actually does? Microsoft seems to push it out often enough but does it actually do anything...?
The statistics seem to say it's just a placebo.
No sig today...
I bet that 99.9% of spam is *aimed* at America...
I mean I'm certainly not in a position to take advantage of a cheap USA mortgage and my TV isn't jammed with adverts for erection pills (I wouldn't even know what "cialis" was if not for the spam...)
No sig today...
I thought the USA was comparatively far down the list, despite being big. It's only information but this article from 2006 shows America down at 20.
What's more likely is the country with the most users has more tech-unsavvy users who get infected. Either that or they're just more likely to believe the "get free [insert something here]" flashing adverts and so have a higher infection/takeover rate.
I'm glad to see no mention of Pakistan in there. It used to be one of the biggest sources of spam until recently. I work for a large ISP here and we take spam seriously. We recently started blocking all outbound emails from customers, restricting them to our state-of-the-art (Linux + Exim + SA etc.) servers. Even now, a single Spamcop report can have offending customer's email completely blocked. Corporate user or no corporate user.
The bigger task is getting all the other ISPs in the country to agree to implement this instead of bending over backwards to please their customers and allow them to broadcast whatever their virus-infected PCs can conjure. The major technical players have formed a network-admins group which discusses such topics and so far, the response has been quite positive.
It will likely take a while before these types of policies are enforced in countries which are only just starting to get online.
Country with more guns has more gunshot deaths.
Country with pro-euthanasia law has more assisted suicides.
Communist East and Capitalist West both support spamming as source of finance...
Hand on, maybe that last one is unusual.
Their infamous "Great Wall" Internet censoring system can censor contents they don't want going into China, why can't they filter some of the spam coming out?
EvilCON - Made Famous by
Let's face it, the Great Unspoken Truth is that ALL of the relayed spam is coming through Wintel boxes. Want to end the spam problem overnight? Make PCs illegal, confiscate them and kill the people that make them.
China obviously needs more penis enhancement spam.
Sure baby, I'll give you my phone number...in Hex
Instead of just giving a top overall count of who's sending spam, how about a figure weighted by how many connected computers are in the country overall? If China sends a bit less than the USA, but the USA has 10X as many broadband connected computers, then Chinese computers are far more vulnerable to this sort of activity, and focus preventative measures there to mitigate the problem. Under those circumstances, the USA problem might be dealt with in a different way than the Chinese problem, but without this curcial information, who knows?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I don't expect correct spelling and grammar from the editors of
US and China are also the top two harborers of SSH and FTP attackers (dictionary and brute force script kiddies). My auth.log and vsftpd.log files are evidence of that. This also reflects in the DenyHosts statistics. (Click the 'Country' link at the top of the page.)
/* No Comment */
Maybe I could brag here a bit...
a rth.png
I live in Finland. It's not on the list. That's hardly surprising because our population of 5 million would have hard time relaying enough spam to make it there even if we tried it. However...
The broadband penetration here is around 60%, which is in the top20 or maybe top10 in the world. The exact figure is rather irrelevant. Let's just say that it's within a few percent compared to the other top countries. Now, look at the zoomed map.
http://www.sophos.com/images/common/misc/zombie-e
If you can find Finland, you'll notice that there's exactly one single dot on the whole map. That's Helsinki region and its about one million inhabitants. One dot there, nothing elsewhere. Compare that to - say, Portugal. It has ten million people and it's riddled with dots. Sweden has 8 million people and plenty of dots. Even taking the population into account, you could say this broadband-heavy country is practically clean of spam machines. How's that possible?
Two words: responsible ISPs. If they spot a private machine spouting 5000 e-mails every minute, they kick you out and ask you to fix your machine. Often they even provide the necessary software. Try another ISP and it will happen again. We don't want to contribute to the spam problem. At some point your tubes will be cut. Period. Also, there are quite strong laws against spamming. Definitely nothing like the US you-can-spam act but a true ban on unsolicited e-mail marketing. Therefore domestic spam is nearly inexistent too.
This is not a perfect country. No need to get into a mudflinging contest, OK? I'm just using us as an example against the assumption that broadband penetration == lots of spam relays. There is something you can do if you really want. To get on the list, there must be ISPs who are willing to turn a blind eye. We don't.
No, I don't feel my freedom of privacy violated a slightest bit if they monitor my e-mail amounts. Tunnelling and encryption are perfectly legal here. And the ISPs hardly care about the content of my actual e-mails. Keep on killing the zombies. You have my full support.
News Flash:
The Earth is the largest spam relaying planet in the galaxy.
More at eleven.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
That doesn't make any sense. A placebo is a medicine that doesn't really fix a problem but works anyway because the person taking it thinks it does. If AV software doesn't fix a problem, it doesn't fix the problem, no matter how much you wish it did.
http://www.msnbc.msn.com/id/17805134/
Exactly what it says and is currently running.
Amen. Block email from China and US and spam will be reduced dramatically. Unfortunately, the head sysadmin where I work thinks we'd get a lot of complaints if we blocked the US. The grandparent post's argument isn't entirely without merit. Because of the percentage of legit email from the US, we can't even think about blocking the US. On principal we don't block China, but we think about it.
Loose lips lose spit.
Is it too late to say "We're number 1! We're number !" oh wait...
I am not an expert. If I am misled in something, please correct me.
Seriously, either make your point in person, or realize that I made a joke. Click on the linky if you are still confused.
Always going forward, 'cause we can't find reverse.
They really should have a default block of smtp servers, UNLESS specifically requested. I think that will take care of everyone nicely, it will stop the masses who dont even know what SMTP is from running zombies, and also accomidate the people that do want to
The defaults should be sane for the masses, with options for those that dont fit in that category.
The phrase "more better" is acceptable English. suck it grammar Nazis
If all ISPs block port 25 then botnet operators would program their zombies to use whatever email settings are there on the PC and send through the ISP's relay. As long asa few ISPs block port 25 sending directly is a better strategy for spammers. When the percentage of networks blocking port 25 would get higher than some threshold sending through the ISP servers with whatever filtering it has would become a better option for the spammer and the spammer would switch. This would be much more problematic for ISPs: dealing with a massive amount of spam trying to get out of their servers (instead of directly) might overload their outgoing email servics, would require huge resources in filtering outgoing mail, would create false positives with customers' legitimate outgoing mail being blocked on the way out.
So as much as blocking outgoing port 25 sounds nice and effective, it doesn't scale. On ther other hand port 25 "sniffing" might be good, expecially if it can lead to connecting the hijacked PCs to whoever uses them. But for this to work abuse fighters first need to abandon the idea that the most important goal is to catch the people that actually control the botnets. If a botnet is used to send spam on behalf of someone that paid someone else that hired yet another guy that paid a botnet operator for the service of using stolen resources then the one that provided the money for the operation should go to jail. And t's quite easy to determine who the advertiser is. So what's needed is to collect the data on actual spam messages going out of zombie PCs, choose those that are easier to locate, and put them in jail because they hired a criminal to work for them. If they can make excuses that they "didn't know" a crime is commited and without providing enough info to get the criminal then they should end up in jail. With just a few such cases there would be much less money flowing into spammers' pockets, and they'd be looking for another job...
Hopefully something is done about this SPAM.. My inbox gets really full these days !
Chris ,
Php Programmers.
China and the US are also the top Carbon Dioxide emitters! OMFG!
The EU is NOT a country and does NOT represent Europe as a whole. It is in fact a group of countries - and only represents 27 countries out some 47 European nations! I realise not many Americans know this but the EU is not a federal nation like the US. The EU is simply a group of cooperating nations.
And as for the statistics you were refering to - it tends to be popular to view them country vs EU group but there is no such country all the same. The EU has some of the largest economies so it's more interesting than say the poorest ex-communist non-EU European nation. You could find statistics that features European countries, and the US, versus the OECD average. That does not make the OECD a country!
This would be the only correct thing in your post - except Russia really should not be included in the European group for obvious reasons such as lacking democracy, terrible legal environment, organised crime and emerging economy status. Russia might belong to Europe for cultural, historical and geographical reasons - but not for social, political and economical reasons! Mexico is close to the US - but not exactly on even terms!