US and China Top List of Spam-Relaying Countries

jcatcw writes "On Thursday Sophos released a new set of global statistics pointing out the biggest spam relaying countries in the world. Toping the list between April and June of this year were the US and China. 'Sophos senior security consultant Carole Theriault said that while the U.S. remains the top spam dog, there results show an urgent need for countries to join together and take global action. "Once a machine is compromised, it is often used to send out spam for a variety of campaigns," she said. "In a matter of seconds, we can see compromised systems send messages on a dozen different topics from stock scams to diet drugs." Paul Ducklin, Sophos Asia Pacific head of technology, said that spammers are ready to "borrow" any computer illegally to send e-mail regardless of the location.'"

Great Firewall needs Reconfigured.

[Gabrill]

Too bad that "Great Firewall" doesn't work both ways. Shame, really.

Re:Seriously, think before you say **** like that.

[Gabrill]

Seriously, either make your point in person, or realize that I made a joke [wikipedia.org]. Click on the linky if you are still confused.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[cbiltcliffe]

Great Firewall needs Reconfigured.

I don't thought the Chinese government wanted to went to the trouble of this to make sure the rest of the world won't got their spam.

Europe getting in on the action too

[antifoidulus]

If you want to count the EU as one country(which the EU seems to want to do for things that benefit it, but seem wont to do when the statistics are less than flattering) Europe reigns supreme:

Europe now has six entries in the Dirty Dozen, which when combined, account for even more spam-relaying than the U.S.

Re:

[Tim C]

You do realise that the report was released by Sophos, don't you? This isn't a governmental thing, so trying to make it sound like the EU is trying to paint itself in a better light isn't really a valid point this time.

(Incidentally, Sophos is a British company, and we Brits are generally somewhat Eurosceptic; it's not at all surprising to see them not consider the EU as a whole. Mind you, the whole "not being a single country" thing might have something to do with it too...)

Re:

[El_Muerte_TDS]

EU is not Europe
Just like the USA is not America

(but that doesn't change the fact that there are 5 EU countries in that list totaling to 17.9%, less than the USA)

Re:

[tha_mink]

Just like the USA is not America

What? Yes it is. It might not be NORTH America, but it's America.

Re:

[tha_mink]

I suppose we could argue semantics [wikipedia.org] all day but in the end, you'd still be an AC cunt after it's all said and done....

Re:

[MrNaz]

Wow, so all those jokes about Canada being just another state were actually true?

I bet that 99.9% is *aimed* at America...

[Joce640k]

I bet that 99.9% of spam is *aimed* at America...

I mean I'm certainly not in a position to take advantage of a cheap USA mortgage and my TV isn't jammed with adverts for erection pills (I wouldn't even know what "cialis" was if not for the spam...)

Re:

[Joce640k]

The European results are skewed because they have far greater broadband penetration than the USA.

Re:

[Alan Doherty]

>>The European results are skewed because they have far greater broadband penetration than the USA.
>Are you going somewhere with this?

he's pointing out that bot infected-machine isnt directly related to rate of spam
its actually 33.6*modem-users+128*isdn/slow-broadband-users+256 *fast-broadband-users is related to number of spams
so a small number of spams from a country with much modem use means many more bot-infected pc's than the same number from a simmilarly populated contry where everyone is on

Re:

[iago-vL]

Interesting theory but you missed the key factor: dialup people are on when they're using the Internet (maybe, an hour or two a day?) whereas broadband people are on as long as their computer is turned on (up to 24 hours a day). So broadband people just have more time to send spam once their computer is owned up.

Re:

[GnuDiff]

> (which the EU seems to want to do for things that benefit it, but seem wont to do when the statistics are less than flattering)

Well, that is because EU is a union of a type which is pretty rare (if not unique) historically. Within EU there are (countries) proponents of the view that it should be more like a single country - including common foreign policy, for example, and those who want it to be as divided as possible, and only use EU for their own (typically, economical) goals. Depending on which peo

Re:

[evildogeye]

While Europe may want to be perceived as one country for trading purposes, this sort of data is so much more interesting to see on a country to country level. Each European country has such a unique culture, set of laws, and place on the Internet, that grouping them together would be somewhat pointless.

No Such Country

[andersh]

If you want to count the EU as one country

The EU is NOT a country and does NOT represent Europe as a whole. It is in fact a group of countries - and only represents 27 countries out some 47 European nations! I realise not many Americans know this but the EU is not a federal nation like the US. The EU is simply a group of cooperating nations.

And as for the statistics you were refering to - it tends to be popular to view them country vs EU group but there is no such country all the same. The EU has some of

Re:

[Joaz Banbeck]

I expect the spam levels to match the gross national stupidity. ( Measured by the number of people who have acomputer and think that is an appliance that they can use without understanding. )

Spam relaying? Of course!

[Valacosa]

Of course they're high in the list of spam relaying countries. They are on the butt end of a lot of spam.

It's because the people in countries sending the spam know who the real ousted prince of Nigeria is.

A more readable overview

[Anonymous Coward]

From the article, it seems the list looks like this: (The article didn't bother to include an actual, readable list)

1 U.S. 19.6%
1 China 19.6%
3 South-Korea 6.5%
4 Poland 4.8%
5 Germany 4.2%
6 Brazil 4.1%
7 France 3.3%
8 Russia

Re:

[JamesRose]

They almost definitely wrongly counted Turkey...

However ~23% is unaccounted for, and the countries in the EU are:
-- Austria
-- Belgium
-- Bulgaria
-- Cyprus
-- Czech Republic
-- Denmark
-- Estonia
-- Finland
-- France
-- Germany
-- Greece
-- Hungary
-- Ireland
-- Italy
-- Latvia
-- Lithuania
-- Luxembourg
-- Malta
-- Netherlands, The
-- Poland
-- Portugal
-- Romania
-- Slovakia
-- Slovenia
-- Spain
-- Sweden
-- United Kingdom

May I suggest that the countries that don't appear in the top 10 make up for a sig

Re:

[e_AltF4]

> They almost definitely wrongly counted Turkey___

I humbly dare to disagree.

> May I suggest that the countries that don't appear in the top 10 make up for a significant amount of the missing % and so the EU does infact containt the largest percentage.

The list is called "list of spam-relaying countries", that's probably why it's grouped by ___ drumroll ___ COUNTRIES :-)

my mail server - last 7 months by country code

CC ___ PCT
------------
US ___ 25.7
TR ___ 7.0
KR ___ 4.8
FR ___ 4.7
DE ___ 4.5
GB ___ 4.4
PL _

Since spam relays have shifted from servers....

[ptbarnett]

.... to PCs on broadband connections, is it any surprise that the countries with the widest deployment of consumer broadband will be the source of most spam?

Re:

[ptbarnett]

I thought the USA was comparatively far down the list, despite being big. It's only information but this article from 2006 shows America down at 20.

Read your own article citation and look at the first graph. Penetration (percentage of internet users on broadband) is a substantially different metric from deployment (number of broadband users).

Re:

[nacturation]

And the solution to zombies on broadband is really simple [google.com].
 

Re:Since spam relays have shifted from servers....

[ptbarnett]

And the solution to zombies on broadband is really simple.

Blocking port 25 outbound is a strategic nuclear strike, where all that is needed is a carpenter's hammer.

However, I wouldn't be opposed to it as long as:

• Applying for an exemption is as simple as filling out a online form, without talking to someone in an India call center and explaining why I want it done.

• Third-party mail servers universally implement port 587 (the Mail Submission Agent port), while requiring username/password authentication.

Re:

[nacturation]

I think at this point, a nuclear strike is what's required. If people want to run their own SMTP servers, they can apply for permission to do so. Otherwise, whitelist individual SMTP servers as you suggest, or use your ISP's servers where spam checking can be centralized.
 

Why would an ISP do it?

[hadaso]

If all ISPs block port 25 then botnet operators would program their zombies to use whatever email settings are there on the PC and send through the ISP's relay. As long asa few ISPs block port 25 sending directly is a better strategy for spammers. When the percentage of networks blocking port 25 would get higher than some threshold sending through the ISP servers with whatever filtering it has would become a better option for the spammer and the spammer would switch. This would be much more problematic for

Re:

[rtb61]

No it is far simpler. Forward spam to a government department, after ten complaints, the department contacts the ISP to force a disconnect warning upon the account holder. The account holder if they are a spammer can simply then stop sending spam, or if their machine has been compromised and they can do something to fix it. No why wont they do this, apparently there is no profit in it. What is good to see is that http://www.acma.gov.au/interforms/spam/spammatter s .htm [acma.gov.au] is working in Australia, so all that ne

Re:

[Opportunist]

The problem already starts way befor that: The problem starts at people not KNOWING jack about their PC. If they even knew that they could do such a thing as blocking a port (not to mention maybe have at least a hazy dream of what a port might be), they'd probably not be brainless clickmonkeys in the first place, thus not being spam relays.

The problem with this information is that it will most likely never reach the ones that do really need it. And they are usually also the ones whose primary concern is tha

IEPA

[Original Replica]

To get the mass public to be diligent about keeping there computeres zombie free, we need both positive and negitive encouragement. Negative: First a notice, then a fine for "pollution/disruption" of a public space, the internet. Positive: a government site with all the free blockers/cleaners/tools you need to keep your computer malware free.

Both would be needed because the free tools are already out there, but they aren't being used by enough people because they don't care to expend the effort to be a goo

Re:

[ewl1217]

I understand where you're coming from, but I don't think your idea of a fine is fair. I'm sorry for the car analogy, but it would be like fining somebody if their car was hijacked and the hijacker was caught speeding. Sure, they could have prevented it, but is it really fair to punish the victim? While I agree that people should take the responsibility to secure their computers and networks, I don't think that this is the proper way to go about it.

Surprising findings

[Phroggy]

Paul Ducklin, Sophos Asia Pacific head of technology, said that spammers are ready to "borrow" any computer illegally to send e-mail regardless of the location.

I'm shocked that spammers aren't more discerning in their choice of which hijacked computers to use when sending crap nobody wants to millions of e-mail addresses picked at random.

Whoa

[Anonymous Coward]

But you don't understand. In America, we're free to send spam. In China, they send spam because their government is evil.

In other words ...

[ScrewMaster]

the countries with the most bandwidth available to the general population, and which also have the greatest number of Windows installations and open mail relays, also produce the most spam. Hardly a surprising conclusion.

Not that simple

[Anonymous Coward]

Maybe I could brag here a bit...

I live in Finland. It's not on the list. That's hardly surprising because our population of 5 million would have hard time relaying enough spam to make it there even if we tried it. However...

The broadband penetration here is around 60%, which is in the top20 or maybe top10 in the world. The exact figure is rather irrelevant. Let's just say that it's within a few percent compared to the other top countries. Now, look at the zoomed map.

http://www.sophos.com/images/common/misc/ [sophos.com]

Re:

[ScrewMaster]

All I have to say is that, even though you feel your privacy isn't being invaded, it most certainly is. Worse yet, depending upon the long-term benevolence of government (any government) with regards to privacy is a mistake. You're taking the dangerous view that, since you aren't doing anything (currently) of interest to law enforcement, you are safe.

You're not.

Re:

[starrsoft]

Exactly. A much more interesting question would be: What country sends the most spam per internet connected computer? or What country sends the most spam per gigabit of international bandwidth?

But here's the catch

[kilodelta]

The U.S. is on top because of all the spambots ever since we let the unwashed come and play on the net. I can't tell you how many people I come across that have broadband connections and NO firewall or AV software whatsoever. They're all aghast when I explain what can happen when they don't have those things.

Whats really scary is that companies like Verizon and Cox send out wireless gear UNSECURED and with no instructions, or at least clear instructions on how to secure the network.

But in the case of

Re:

[ScrewMaster]

I don't know what the mean time to infection of an unprotected system is nowadays, but presumably it's on the order of minutes. ISPs like to bitch about the bandwidth consumed by spambots, but they don't seem to want to help their customers avoid being pwned. I do know that some of the DSL modems shipped by SBC (the ones with built-in wireless) have firewalls, but the regular models don't, my Comcast cable modem doesn't, and I've seen very few outfits that provide even basic firewall capability. Like most p

Re:

[cdrguru]

Problem is the "more secure" modem is pitched to the customer as something that is optional, good for more technical users and not really necessary for the "normal home user". The ISPs are making any more money off the more-expensive modem and they certainly aren't getting more customers that way.

However, if they tell someone all sorts of scary stories they just may lose a customer.

We are still in a developing market where the competitors are fighting for market share and penetration. Why ever in the worl

Re:

[ScrewMaster]

Because it would save them a lot of money if they didn't have millions of zombied Windows boxes burning up their capacity. Besides, it's not like any of the big ISPs really care all that much about keeping customers anyway.

It's all a matter of presentation. You don't need to tell a potential customer any scary stories, but you can simply recommend that the buy the better unit. Matter of fact, since a properly-protected customer will save you bandwidth charges, you could offer to knock a couple bucks off

Yay! We're still #1 at something!!!

[Anonymous Coward]

Yeah! We're still #1 in SPAM relaying!

How do we rank in:

1. freedom of press
2. quality of journalism (ratio of quantifiable facts vs propaganda)
3. K-12 education
4. healthcare and life expectancy
5. government oversight and accountability
6. nonfiction national security (e.g., preventing unauthorized access across our borders)

Any ideas?

Those statistics are EXTREMELY misleading

[tempestdata]

As a mail provider I wouldn't be surprised that the US and china were the source of a significant chunk of spam. They (the US especially) have a LOT of email users. What I'm interested is the ratio of good email to spam email. For instance, if the US makes up for 90% of all email sent, then is it really that bad if it makes up 25% of the world's spam? On the other hand Mexico may make up 1% of the world's email, but 90% of the email coming from there could be spam.

The volume of spam should be taking in the context of the usage of email. The RATIO of legit emails to spam is a better indicator of where the spammers are coming from than volume alone

Re:

[dwater]

That's not true.

It might make you feel better to think that because there is more email traffic there is more spam, but it doesn't change the facts about where the spam is coming from.

You could argue that your suggestion would be a more meaningful metric, but that's not what you argued...and I'd disagree anyway. It's just like with green house gas emissions - just because you use more energy doesn't nullify the fact that you're producing more green house gases.

Volume is volume.

Mod parent up

[fyoder]

Volume is volume.

Amen. Block email from China and US and spam will be reduced dramatically. Unfortunately, the head sysadmin where I work thinks we'd get a lot of complaints if we blocked the US. The grandparent post's argument isn't entirely without merit. Because of the percentage of legit email from the US, we can't even think about blocking the US. On principal we don't block China, but we think about it.

Re:

[dwater]

If that was his argument, then that's a fair point. That it was his argument, however, wasn't clear.

In any case, the point it seems to turn the discussion 'what to do about it' rather than 'who to blame', which isn't a bad direction to turn, I suppose - a lot more practical than blame :)

Being in China, I guess I might be guilty of being on the defensive on this issue, and so read his post in the wrong light. Apologies if that is the case.

There is a single cause:

[billsf]

Windows!

Isn't it time that the world get tough, fine Microsoft $100 or so per incident and collapse all of Gate's charities while there at it? Just keeping Windows off the Internet would serve the same purpose, but destroying the cause would make people think twice about putting computers in the hands of complete idiots.

 

Re:

[cdrguru]

Users!

When a user clicks on a link and is prompted to "run or save" some executable program what should they do? Of course, if the previous message told them to "just click run" they are going to just click the Run button. At least some percentage will.

With Vista it may prompt them half a dozen times with "Are you sure?" messages, but the users are no more capable of understanding these messages than they were the original one. So they click the "Yes, I'm sure!" button over and over again.

There is no sec

Re:

[dwater]

> while there at it?

It's "they're" - ie short for "they are".

I don't know if I'm alone, but I find it quite difficult to read when people get this wrong - it actually means something different, so the sentence needs another scan to figure out.

What about "Windows' malicious software removal"?

[Joce640k]

Does anybody know what this thing actually does? Microsoft seems to push it out often enough but does it actually do anything...?

The statistics seem to say it's just a placebo.

Re:What about "Windows' malicious software removal

[gkhan1]

That doesn't make any sense. A placebo is a medicine that doesn't really fix a problem but works anyway because the person taking it thinks it does. If AV software doesn't fix a problem, it doesn't fix the problem, no matter how much you wish it did.

Our efforts seem to be paying off

[aszaidi]

I'm glad to see no mention of Pakistan in there. It used to be one of the biggest sources of spam until recently. I work for a large ISP here and we take spam seriously. We recently started blocking all outbound emails from customers, restricting them to our state-of-the-art (Linux + Exim + SA etc.) servers. Even now, a single Spamcop report can have offending customer's email completely blocked. Corporate user or no corporate user.

The bigger task is getting all the other ISPs in the country to agree to implement this instead of bending over backwards to please their customers and allow them to broadcast whatever their virus-infected PCs can conjure. The major technical players have formed a network-admins group which discusses such topics and so far, the response has been quite positive.

It will likely take a while before these types of policies are enforced in countries which are only just starting to get online.

Re:

[aszaidi]

Although it is a big strain on our support personnel, we do open ports for users who insist on it. It is usually the non-technical customers that create the most fuss and when all their email gets blocked, refuse to accept responsibility for their infected PCs. The above step had to be taken for the overall good after our whole subnets became listed in DSBLs and the rest of the customers started to suffer.

Here's What I Don't Get About China

[Comatose51]

Their infamous "Great Wall" Internet censoring system can censor contents they don't want going into China, why can't they filter some of the spam coming out?

Re:

[eck011219]

Actually, why would they? China has proven itself to be quite pragmatically self-serving when it comes to money, and if more people are making money in China (above board or below), that's more money going into the general pot through purchasing power. So even if there are spammers in China reaping the rewards of an outgoing-only setup to bilk consumers, they're still spending more than other citizens on groceries, cars, homes, electronics, and so on. Just a guess, though -- I'm certainly no sociologist or

Re:

[dbIII]

One misleading factor is that the .cn domain names are very cheap and spammers were buying them up a few dozen at a time a bit over a year ago to get around filters that would only accept mail from resolvable domains. The name may have been in China but at that point the spamming machine was not, so at the time there were a lot of false reports of Chinese spam that could have been coming from anywhere. The other factor is there is now a lot more broadband there and apparently a lot of inexperienced comput

Re:

[Opportunist]

Of course not. Does it affect China? No. So? Duh.

Btw, it ain't different in any other country. As long as it only affects others, who cares?

Small Appendage DNA Pool

[Token_Internet_Girl]

China obviously needs more penis enhancement spam.

Instead of Top Overall

[Nom du Keyboard]

Instead of just giving a top overall count of who's sending spam, how about a figure weighted by how many connected computers are in the country overall? If China sends a bit less than the USA, but the USA has 10X as many broadband connected computers, then Chinese computers are far more vulnerable to this sort of activity, and focus preventative measures there to mitigate the problem. Under those circumstances, the USA problem might be dealt with in a different way than the Chinese problem, but without this curcial information, who knows?

Re:

[Goaway]

That wouldn't be so bad, if the first sentence had an actual subject.

Unless the subject is some kind of outfit named "On Thursday".

Script Kiddies as well

[Tarlus]

US and China are also the top two harborers of SSH and FTP attackers (dictionary and brute force script kiddies). My auth.log and vsftpd.log files are evidence of that. This also reflects in the DenyHosts statistics [denyhosts.net]. (Click the 'Country' link at the top of the page.)

Largest spamming planet

[flyingfsck]

News Flash:
The Earth is the largest spam relaying planet in the galaxy.

More at eleven.

Re:

[TheRaven64]

Really? How much spam are we relaying? I mean, we have SETI and friends listening for alien spam, but I don't think we're forwarding it anyway. We're pretty much a galactic honeypot for spam...

#1

[thanatos_x]

Is it too late to say "We're number 1! We're number !" oh wait...

ISPs should block smtp servers

[Tweekster]

They really should have a default block of smtp servers, UNLESS specifically requested. I think that will take care of everyone nicely, it will stop the masses who dont even know what SMTP is from running zombies, and also accomidate the people that do want to

The defaults should be sane for the masses, with options for those that dont fit in that category.

Astonishing Correlation

[EmagGeek]

China and the US are also the top Carbon Dioxide emitters! OMFG!

Re:

[Opportunist]

Well, both are mostly hot air.

I know there's a politician joke in there somewhere...