The Geography of Spam
sgorman1 at gmu.edu
sgorman1 at gmu.edu
Tue Mar 2 16:43:54 UTC 2004
I should add that I meant to say it matches the fact we gets lots of spam from hijacked machines - not the 30% number. We have just been looking at a few machines, but would love to see or hear about anyone who has bigger datasets to work with.
----- Original Message -----
From: Brian Bruns <bruns at 2mbit.com>
Date: Tuesday, March 2, 2004 11:23 am
Subject: Re: The Geography of Spam
>
> On Tuesday, March 02, 2004 11:11 AM [EST], sgorman1 at gmu.edu
> <sgorman1 at gmu.edu>wrote:
>
> > Thought folks might find this blurb from Sophos on the geography
> of Spam
> > interesting. 30% of Spam, they report, comes from hijacked
> PC's. Matches
> > pretty close to what we see across our network - i.e. all sorts
> of stuff
> > from swbell.net
> >
> > o U.S. Routes More Spam than World Combined, Study Shows
> >
> > Paris -- Intentionally or not, the U.S. routes more spam e-mail
> traffic> than the rest of the world combined, according to a new
> study by
> > anti-virus firm Sophos. The study concludes that most of the
> unsolicited> junk e-mails originate in Russia and then passes
> through hacked computers
> > in the U.S. "More than 30% of the world's spam is sent from these
> > compromised computers, underlining the need for a coordinated
> approach to
> > spam and viruses," said Charles Cousins, Sophos' Asia managing
> director .
> > The U.S. accounts for a whopping 56% of the global spam pie,
> followed by
> > Canada with 6.8%. Europe did not fair very well in the report
> either, with
> > the Netherlands (5th), Germany (7th), France (8th), the U.K.
> (9th) and
> > Spain (12th) all making the list.
> > http://www.sophos.com/spaminfo/articles/dirtydozen.html
>
> I guess I can say, that I can somewhat agree with what they are
> saying, but
> the percentage seems to be a bit lower then what I would have
> said. With the
> recent round of viruses that seem to be designed to help spammers
> hijack end
> user machines, I'd say the percentage is more towards 45-50%.
> Sometimes its
> very hard to tell the difference between an open proxy, and a
> drone running an
> open proxy (take the AHBL's proxy list, which is over 410,000
> proxies listed,
> and our infected/hijacked machine count comes nowhere near that).
>
> Part of the reason why alot of the spam comes from outside of the
> US is
> because US spammers need to hide their actual locations in order
> to avoid
> getting snared by CAN-SPAM and similar. This is why Ralsky bases
> his spamming
> campaigns out of China, where the laws are more relaxed in terms
> of this
> stuff, and is less likely to get yanked off of his net connection.
> This is
> also why spammers have 'fronts'. :-)
>
>
> --
> Brian Bruns
> The Summit Open Source Development Group
> Open Solutions For A Closed World / Anti-Spam Resources
> http://www.sosdg.org
>
> The Abusive Hosts Blocking List
> http://www.ahbl.org
>
>
More information about the NANOG
mailing list