The Geography of Spam

Brian Bruns bruns at 2mbit.com
Tue Mar 2 16:23:14 UTC 2004


On Tuesday, March 02, 2004 11:11 AM [EST], sgorman1 at gmu.edu <sgorman1 at gmu.edu>
wrote:

> Thought folks might find this blurb from Sophos on the geography of Spam
> interesting.  30% of Spam, they report, comes from hijacked PC's.  Matches
> pretty close to what we see across our network - i.e. all sorts of stuff
> from swbell.net
>
> o U.S. Routes More Spam than World Combined, Study Shows
>
> Paris -- Intentionally or not, the U.S. routes more spam e-mail traffic
> than the rest of the world combined, according to a new study by
> anti-virus firm Sophos. The study concludes that most of the unsolicited
> junk e-mails originate in Russia and then passes through hacked computers
> in the U.S. "More than 30% of the world's spam is sent from these
> compromised computers, underlining the need for a coordinated approach to
> spam and viruses," said Charles Cousins, Sophos' Asia managing director .
> The U.S. accounts for a whopping 56% of the global spam pie, followed by
> Canada with 6.8%. Europe did not fair very well in the report either, with
> the Netherlands (5th), Germany (7th), France (8th), the U.K. (9th) and
> Spain (12th) all making the list.
> http://www.sophos.com/spaminfo/articles/dirtydozen.html

I guess I can say, that I can somewhat agree with what they are saying, but
the percentage seems to be a bit lower then what I would have said.  With the
recent round of viruses that seem to be designed to help spammers hijack end
user machines, I'd say the percentage is more towards 45-50%.  Sometimes its
very hard to tell the difference between an open proxy, and a drone running an
open proxy (take the AHBL's proxy list, which is over 410,000 proxies listed,
and our infected/hijacked machine count comes nowhere near that).

Part of the reason why alot of the spam comes from outside of the US is
because US spammers need to hide their actual locations in order to avoid
getting snared by CAN-SPAM and similar.  This is why Ralsky bases his spamming
campaigns out of China, where the laws are more relaxed in terms of this
stuff, and is less likely to get yanked off of his net connection.  This is
also why spammers have 'fronts'.  :-)


-- 
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The Abusive Hosts Blocking List
http://www.ahbl.org




More information about the NANOG mailing list