US and China Top List of Spam-Relaying Countries

jcatcw writes "On Thursday Sophos released a new set of global statistics pointing out the biggest spam relaying countries in the world. Toping the list between April and June of this year were the US and China. 'Sophos senior security consultant Carole Theriault said that while the U.S. remains the top spam dog, there results show an urgent need for countries to join together and take global action. "Once a machine is compromised, it is often used to send out spam for a variety of campaigns," she said. "In a matter of seconds, we can see compromised systems send messages on a dozen different topics from stock scams to diet drugs." Paul Ducklin, Sophos Asia Pacific head of technology, said that spammers are ready to "borrow" any computer illegally to send e-mail regardless of the location.'"

Instead of Top Overall

[Nom du Keyboard]

Instead of just giving a top overall count of who's sending spam, how about a figure weighted by how many connected computers are in the country overall? If China sends a bit less than the USA, but the USA has 10X as many broadband connected computers, then Chinese computers are far more vulnerable to this sort of activity, and focus preventative measures there to mitigate the problem. Under those circumstances, the USA problem might be dealt with in a different way than the Chinese problem, but without this curcial information, who knows?

Not that simple

[Anonymous Coward]

Maybe I could brag here a bit...

I live in Finland. It's not on the list. That's hardly surprising because our population of 5 million would have hard time relaying enough spam to make it there even if we tried it. However...

The broadband penetration here is around 60%, which is in the top20 or maybe top10 in the world. The exact figure is rather irrelevant. Let's just say that it's within a few percent compared to the other top countries. Now, look at the zoomed map.

http://www.sophos.com/images/common/misc/zombie-ea rth.png [sophos.com]

If you can find Finland, you'll notice that there's exactly one single dot on the whole map. That's Helsinki region and its about one million inhabitants. One dot there, nothing elsewhere. Compare that to - say, Portugal. It has ten million people and it's riddled with dots. Sweden has 8 million people and plenty of dots. Even taking the population into account, you could say this broadband-heavy country is practically clean of spam machines. How's that possible?

Two words: responsible ISPs. If they spot a private machine spouting 5000 e-mails every minute, they kick you out and ask you to fix your machine. Often they even provide the necessary software. Try another ISP and it will happen again. We don't want to contribute to the spam problem. At some point your tubes will be cut. Period. Also, there are quite strong laws against spamming. Definitely nothing like the US you-can-spam act but a true ban on unsolicited e-mail marketing. Therefore domestic spam is nearly inexistent too.

This is not a perfect country. No need to get into a mudflinging contest, OK? I'm just using us as an example against the assumption that broadband penetration == lots of spam relays. There is something you can do if you really want. To get on the list, there must be ISPs who are willing to turn a blind eye. We don't.

No, I don't feel my freedom of privacy violated a slightest bit if they monitor my e-mail amounts. Tunnelling and encryption are perfectly legal here. And the ISPs hardly care about the content of my actual e-mails. Keep on killing the zombies. You have my full support.

Re:Here's What I Don't Get About China

[eck011219]

Actually, why would they? China has proven itself to be quite pragmatically self-serving when it comes to money, and if more people are making money in China (above board or below), that's more money going into the general pot through purchasing power. So even if there are spammers in China reaping the rewards of an outgoing-only setup to bilk consumers, they're still spending more than other citizens on groceries, cars, homes, electronics, and so on. Just a guess, though -- I'm certainly no sociologist or economist.

Why would an ISP do it?

[hadaso]

If all ISPs block port 25 then botnet operators would program their zombies to use whatever email settings are there on the PC and send through the ISP's relay. As long asa few ISPs block port 25 sending directly is a better strategy for spammers. When the percentage of networks blocking port 25 would get higher than some threshold sending through the ISP servers with whatever filtering it has would become a better option for the spammer and the spammer would switch. This would be much more problematic for ISPs: dealing with a massive amount of spam trying to get out of their servers (instead of directly) might overload their outgoing email servics, would require huge resources in filtering outgoing mail, would create false positives with customers' legitimate outgoing mail being blocked on the way out.

So as much as blocking outgoing port 25 sounds nice and effective, it doesn't scale. On ther other hand port 25 "sniffing" might be good, expecially if it can lead to connecting the hijacked PCs to whoever uses them. But for this to work abuse fighters first need to abandon the idea that the most important goal is to catch the people that actually control the botnets. If a botnet is used to send spam on behalf of someone that paid someone else that hired yet another guy that paid a botnet operator for the service of using stolen resources then the one that provided the money for the operation should go to jail. And t's quite easy to determine who the advertiser is. So what's needed is to collect the data on actual spam messages going out of zombie PCs, choose those that are easier to locate, and put them in jail because they hired a criminal to work for them. If they can make excuses that they "didn't know" a crime is commited and without providing enough info to get the criminal then they should end up in jail. With just a few such cases there would be much less money flowing into spammers' pockets, and they'd be looking for another job...