U.S. World's Foremost Spam Nation In 2004 274
der Kopf writes "As reported by ZDNet, '42 percent of all spam sent this year came from the United States,' which makes the U.S. the unthreatened king of the 2004 spam hill. Number two on the list is South Korea (with 13.43%), while China can be found in third place (with 8.44%). The U.S. put out more spam this year than all the other countries in the top 12 combined." All depends who's counting, I guess.
And it's mostly coming from fucking idiots... (Score:5, Interesting)
If Comcast and Verizon spent half as much on cracking down on their moron customers as they do on mailers begging me to use their Internet services, they'd have this problem under control in no time.
A better question... (Score:4, Interesting)
Spamvertised web sites in China (Score:5, Interesting)
My understanding is that if you could close down the spamvertised sites, spam would largely be restricted to phishing attacks. If I didn't believe this, I probably wouldn't bother using spamcop!
Sure it will (Score:3, Interesting)
Re:The undisputed kings of bullshit (Score:5, Interesting)
Though I don't think hitting the corporations financially as punishment really works. Large corporations will typically build in potential losses from economic punishments for misdeeds into their business model. A company may knowingly release a product they know to be unsafe, and simply put a portion of their profits aside for paying out of court settlements to victims.
In essense, this is akin to saying that it's alright for me to go around killing people without fear of jail if I can afford to pay the victim's families a large portion of money.
What I'd like to see is criminal charges brought on descision makers in corporations who knowingly use unsafe methods to produce a product that they know to be dangerous. In other words, a manager who makes the decision to save $0.02 on each product produced by using a less safe part won't be hedging those cost savings against the potential court costs from the families his company's product kills, he'll be hedging it against the very real possibility that he himself may face prison time for multiple murder charges.
We cannot give large corporations exemption from responsibility on a human level. We see corporations as faceless entities, but there are always human beings behind the scenes making decisions on how that corporation acts. If we start making those humans accountable for the actions of the company for whom they make decisions, I think we'd start seeing quite a bit more safety, envrionmental and social responsibility in the corporate world.
Where it comes from, isn't always who its from.... (Score:1, Interesting)
Who is the real badguy? (Score:4, Interesting)
One of my friends, who work for a US based company, which sells cigarretes online. All this guy has to do is get some working email ids and send the mail drafted by the US based company. He does this from location outside US though. This guy has written a UserAgent (Robot) which goes to Yahoo and grabs the email ids at random and mails them. Untill this it looks very bad but if you see inside they do get enough business through this channel for their survival at least. They do not have any other business channel other than this and they are doing fine.
Even if this guy is generating the SPAM from the location outside US, he is doing it for his master sitting there in US.
Now, who is the real badguy?
Re:And it's mostly coming from fucking idiots... (Score:1, Interesting)
Re:Spamvertised web sites in China (Score:4, Interesting)
Not for long I suspect, I do quite a bit of statistical analysis of spam and there are definitely changes in progress. Over the two years or so, there has a swing from using open relays and "bullet proof" hosted servers to actually send the spam to using compromised boxes on broadband connections. This is reflected in the report; a move from IPs in China to those in DSL pools countries with sizable adoption of broadband connectivity.
The actual sites being spamvertised however have remained solidly in the traditional havens where ISPs with questionable anti-spam policies can be found. However, over the last few months in particular I have seen steadily growing numbers of spamvertised sites that are also being hosted in DSL pools, undoubtably on compromised boxes. From a spammer's perspective this is a no-brainer (no more hosting fees) so it's fairly obvious that this trend will continue I think.
There are both good and bad points to this. The bad is that it makes traditional SpamCop style IP reporting almost unworkable - there are so many unpatched boxes that an ISP has no chance at dealing with them all. It was a game of Whack-a-Mole to start with, only now the number of holes that the moles can pop up from has gone up by a few orders of magnitude. The good however is that DNSBLs of the actual domains being used instead of the IPs, such as the SURBL lists, that can be generated from SpamCop submissions are *incredibly* good indicators of spam - so keep up that SpamCop reporting!
More contentious though, is how ISPs might respond to this new spammer tactic. The simplest solution is probably going to be further restrictions on what an IP on a broadband connection can and cannot do. I expect to see more DSL services that are blocked prevented from running servers on certain ports, forced to send email through the ISP's gateway server, and possibly even outright firewalling of certain "remote access" ports like NetBIOS, RPC and so on.
Frankly, given the rising tide of spam, ever increasing port scans bouncing off my firewall and almost total apathy of J.Sixpack in keeping his/her PC patched, I'm getting more fond of this idea every day. What I'd like to see is ISPs offering "standard" DSL packages with the kind of restrictions I mentioned above stated up front, alongside an unrestricted "premium" package - it could even cost a little extra. Alternatively, there is the middleground approach that my ISP uses: you can't run an email server by default, but send tech support and email and they'll unblock port 25 for free and periodically check that you are not running an open relay.
One thing's for sure, if/when ISPs do respond to this latest spammer tactic, the spammers simply move the goalposts yet again. :(
U.S. head start on 2005 begins today (Score:5, Interesting)
All the people who came downstairs this year to find a shiny new Dell or Gateway under the tree should be getting their machines owned by spammers right about..... now. So prepare for another post-Christmas onslaught as the spammers play with all their newly-acquired toys.
~Philly
Re:And it's mostly coming from fucking idiots... (Score:3, Interesting)
I complained again, and they didn't do anything. I really can't imagine the computer on the other end is at all usable, because it's so busy trying to send spam.
Re:Wrong: China is Still # (Score:4, Interesting)
I hear all kinds of noise about how to deal with spam from the standpoint of broadband users running as unwitting spam relays. Everything from "make it the ISPs responsibility" to "require users to get training and get a license in order to get online". What is the real solution? I don't know, but anything that requires passing a Federal law will probably cause more harm than good. Doesn't mean they won't try to pass one, though.
Personally, I liken people that run unprotected, unpatched machines as being "bad neighbors". You know the kind: the one that lets his dog run free and crap all over your yard. Yes, I realize that most of these zombied systems are in that situation because of the ignorance of their owners. But if that neighbor started building a garage extension on your side of the property line, you wouldn't let him off the hook because he couldn't read a survey.
People don't really think of security as being a social issue as well as a personal one. I believe that most people want to be good neighbors, and would take steps if you reported their dog taking a dump on your property. But there are hundreds of thousands, if not millions, of zombies out there whose owners have no idea that their systems are crapping in everyone's back yard. Somehow, we need to close the loop on these people so they a. know that they've been taken over and b. give them easy, effective steps to take care of the problem. Tall order, I know. Comcast is heading in the right direction with their policy, but they need to let people know when they've been disabled, and why. Maybe they are now, I don't know.