
Sophos Reveals Latest Spam-Relaying Countries 181

Posted by Hemos
from the spam-ham dept.
An anonymous reader writes "For the first time in more than two years, the United States has failed to make inroads into its spam-relaying problem. The U.S. remains stuck at the top of the chart and is the source of 23.2 percent of the world's spam. Its closest rivals are China and South Korea, although both of these nations have managed to reduce their statistics since Q1 2006. The vast majority of this spam is relayed by 'zombies,' also known as botnet computers."
This discussion has been archived. No new comments can be posted.

  • by Homology (639438) on Monday July 24, 2006 @12:18PM (#15770314)
    I'm not sure why they divide by country. Are they implying that the laws and regulations of these companies should be stricter? Is this some sort of international contest to see who can restrict the rights of its internet users the fastest? The fact is that these nations are just relaying the spam. They might not be the origin of the spam so it's not like targeting a nationality will help.

    Once I saw some statistics that USA is the originator of most of the spam.

  • by Osrin (599427) * on Monday July 24, 2006 @12:29PM (#15770390) Homepage
    ... if you just opened up port 25 on EVERY machine and put some dummy SMTP receive code behind it that did nothing else other than accept mail and then discard it, could we make it 500 million times harder for spammers to find an active and working open relay?
  • by supabeast! (84658) on Monday July 24, 2006 @12:32PM (#15770419)
    At first I was looking at the numbers and wondering if Americans just have so many more Windows machines than the rest of the big relays out there, but once the numbers get into the single digits (everything after the US and China) I quickly realized that most of the people in those nations are probably using the same OS - Windows - as people in the US. So is it simply that the US comes out on top because we have so damned many computers - as opposed to other nations where they're sometimes uncommon in households and people use internet cafes? Or is it not a PCs-per-capita issue, but an issue of people in the USA simply being too stupid/lazy/etc. to secure their Windows machines? If the former is the case, we're in for some nasty spam as PCs per capita increase, and there are ever more systems begging to be infected. If the latter case is true, what will it take to finally get Windows users to start securing their Windows boxes?
  • by shis-ka-bob (595298) on Monday July 24, 2006 @12:38PM (#15770464)
    It would be interesting to see this arranged by the operating system of the infected computer. Given the frequency of infections by OS and the frequency of the OS on the internet, I can use Bayes' theorem to determine how susceptible a computer is to become a Zombie spammer. I'm just guessing that this would not be a flattering number for Microsoft, especially the older versions of Windows. This sort of information could be used by Microsoft to encourage upgrades and by everyone else to recommend migrating from Windows altogether. In either case, this would give users actionable information to reduce risk - moving to a 'low spam' country simply isn't actionable for most people. As you pointed out, showing data by ISP would also be actionable. In either case, it allows for users to have some control.
  • by Dadoo (899435) on Monday July 24, 2006 @01:01PM (#15770629) Journal
    I haven't been keeping up on my anti-spam measures, lately, so I'm not sure if this has been considered, yet. Wouldn't it be possible to simply add a DNS record that allows a mail server to verify that the machine trying to send it mail is authorized to do so, for that domain?

    A machine that supports it could ask the sending domain "Is this machine allowed to send email on your behalf?" The sending domain could simply answer "yes" or "no". That would immediately eliminate all the zombies, for those people who wanted to upgrade their DNS and mail software. It would also be backward compatible for people who couldn't. The best part is that it could be controlled by the domain administrators, rather than some government agency or black hole list.

  • by vux984 (928602) on Monday July 24, 2006 @01:14PM (#15770740)
    It already exists, it's called an SPF record. It's been around for years now and 95% of domains don't have one.

    There is also nothing stopping the spammers from using SPF, and they do. In fact, in many surveys the spammers are registering domains and using SPF *more* than legitimate users are. SPF does mitigate some spoofing issues, but that's about it.

    On its own it's proven worthless. As part of a more cohesive anti-spam strategy it might prove to have some value.
  • Re:Spam Sources (Score:2, Interesting)

    by treeves (963993) on Monday July 24, 2006 @01:16PM (#15770763) Homepage Journal
    I was surprised last week to get a piece of spam from a server at nih.gov.
  • by 99BottlesOfBeerInMyF (813746) on Monday July 24, 2006 @01:32PM (#15770890)

    ...is how many of the zombie systems are actually deliberately set up by the owner. Not some accidental "gone to the wrong web site" setup, but some "I'm gonna make some bucks serving spam" and then claiming they didn't know they were infected.

    Probably very few. If it is your own system you have to pay for the bandwidth. Or for even less money you can rent time on a botnet that runs on two thousand exploited Windows boxes. There are even Web based interfaces that will walk you through sending your spam. People who want to run their own spam service on legitimately owned and linked machines have been priced out of the market. Both are equally illegal, so no motivation there. Sure there might be a couple run by someone clueless, but the numbers won't compare to the thousands a botnet herder can put together in an automated fashion.

  • I blame Bill Gates (Score:2, Interesting)

    by FlynnMP3 (33498) on Monday July 24, 2006 @01:34PM (#15770919)
    Who designed or allowed to be designed all the software that is used for spam, virus and other technodangerous programs? Sure, all the unwitting unsuspecting people out there that treat their computer as a black box should be ashamed of themselves. To use a windows computer safely these days requires a strong predilection to research and remembering security bulletins and knowing specifically how a computer does things. Which in and of itself requires knowing about security models, social engineering, UI design and understanding geek lingo.

    In short windows computers are no longer general use. Do you realize the implications of that statement? Well yes, of course you do gentle reader. Just this past month my mother called me; her laptop died. Turned out a virus got in and overwrote some system files for Windows 2k. This is after telling her to not click on executables in emails, not answer any emails from banks without calling them, and plenty of other things that I read about daily. Even with constant reminders (voice and email) telling her to push the update button on AVG and looking at the results log and telling me if any red stop signs show up. She is now using a backup computer that I had laying around. This is Windows XP professional, installed with all the security trimmings (which shouldn't even be necessary on some level) of zone alarm, avg, and spybot - all set up to run automatically. I suggested that she get a mac mini for her next computer. She is thinking about it.

    Yes windows has gotten better about educating users, but only after the situation is so bad that almost nothing can stop it. Vista betas already have viruses. That's insane!

    Face it, this country has the most educated, nothing to do, do anything for business minded people ever. Heck the corporations are willfully fleecing the public and most of them don't care that it's happening! "It's ok coming from us, because we use friendly advertising icons. /nod /nod".

    Makes me sick.
  • by bigbigbison (104532) on Monday July 24, 2006 @01:36PM (#15770928) Homepage
    I see this illustrated every time I listen to the podcast of Leo Laporte's KFI radio show. Every show he has at least one call about spyware where he tells people the exact same things: Get a router, run spybot, adaware, windows defender. The people seem so clueless when he tells them that. I can understand that people aren't experts on things, but it is literally the same advice every week. Weren't these people listening last week? If they've never listened before, then how did they know about the show in the first place? It just baffles me. Whether or not you think that is the best advice, I just don't understand how these people haven't heard it before.
  • by Midnight Thunder (17205) on Monday July 24, 2006 @01:46PM (#15771006) Homepage Journal
    My provider prevents me from sending to SMTP ports outside of my domain, for better or for worse. This got me thinking:
        - would it be possible to selectively block ports?
        - provide an ISP based UI, where you could unblock ports based on your account?
        - if both above are doable, what overhead would this provide?
        - maybe provide different default configurations based on the type of user you are (technophobe, newbie, average home user, business user, power user, etc)
        - how well would such a solution go down?

    Sure you could ask everyone to install the equivalent of zone alarms, but this is not always going to happen.
  • by tota (139982) on Monday July 24, 2006 @02:21PM (#15771254) Homepage
    Last time I posted, I somehow offended a few Americans who mistakenly took my attack on climate-change nay-sayers as an attack on America and Americans as a whole: it resulted in DoS on my sites and a joe-job campaign against my public mail servers.

    Pollute the world, pollute our mailboxes, and be damned anyone who dares question whether this is moral or not!

    Funny thing is: my spam filters are now much improved! Thanks!
  • by sacbhale (216624) on Monday July 24, 2006 @02:37PM (#15771360)
    I think you are looking for this: http://www.spamcannibal.org/
  • by Haeleth (414428) on Monday July 24, 2006 @03:44PM (#15771843) Journal
    Anyway, users, as you said, aren't too bright. Just put the firewall setup and de-rootkitter (and whatever else) into a CD labeled "Setup" and the user will pop that right in.

    And their computer will be clean and safe... right up until the baddies start handing out their own CDs.
  • by dargaud (518470) <[slashdot2] [at] [gdargaud.net]> on Monday July 24, 2006 @04:07PM (#15772017) Homepage
    It's been thought of a long time ago, but spammers make a first connection, send a single test message, and if it doesn't get there (as you drop all messages), they won't use it. Only if the test has been successful do they drop their load, so to speak.
