The Geography of Spam

william(at)elan.net william at elan.net
Wed Mar 3 02:25:15 UTC 2004



> On 2 Mar 2004, at 15:57, Michael Airhart wrote:
> > Somehow it seems like when you take into account the number of PCs on 
> > high speed connections, these numbers make a lot of sense.  The US has 
> > a large population of these PCs so yeah, duh, the US leads in 
> > compromised hosts.
> 
> Well, the report "Broadband Internet Access in OECD Countries" shows 
> that in 2002 only 36% of all broadband internet users were in the US. 
> That's a greater proportion than any other single country, but 
> according to that report most broadband subscribers are not in the US.
Correct, so spam sources outside the US will continue to increase.
 
> The quoted report said "the U.S. routes more spam e-mail traffic than 
> the rest of the world combined", not "... than any other single 
> country".
Also correct. My own sources (including @sophos) actually tell me the 
report of 30% from zombies is an understatement; it's likely to be over 50% now
and still growing - the typical setup for a spammer (who is actually quite 
likely to be from the US) involves getting a dedicated server offshore, such as 
China, Korea, Russia, Brazil; then getting/buying an initial set of zombies 
where some are thereafter used to scan for vulnerable hosts and infect 
them and most are set up to spew (or act as a proxy for their offshore 
server that actually does the sending of) spam. 

> So it appears there might be other forces at work than simply "more 
> broadband users".
There are still some spammers sending directly (that are trying to operate 
within the law, provide postal opt-out - usually in Florida, etc). 

Additional reasons for the higher percentage in the US that I can think of:
 1. The number of IPs assigned to the US is quite a bit higher in percentage than what
 is assigned to the rest of the world. If somebody is scanning to find vulnerable
 hosts from the entire net, their chance of finding a US IP is quite high.
 2. In the US every DSL line would have its own IP, sometimes more than one,
 but in foreign countries, availability of IPs to ISPs is still smaller
 than in the US and some still use NAT and other means.
 3. Outside the US fewer people (as a percentage of the total population in 
 some country) have access to broadband and as such those who do are more 
 advanced in their computer skills and better educated (and know not to open
 attachments from unknown sources), whereas in the US the number of "dumb" users 
 is higher just because broadband has penetrated the population en masse.
 4. Some countries with high number of broadband users (such as Korea) are
 bad as source for email spam because of previous experience of them not 
 dealing quickly with abuse reports - those countries are simply blocked. 
 5. Because most targets for spammers are in the US, if a spammer has a choice between
 US and foreign proxies some may choose US because it will work better (some
 others may on the other hand choose offshore as it's less likely to be traced
 to him, but usually with the server already offshore they don't care that much).

There are probably other reasons I could not immediately think of, but as the
broadband penetration boom in the US slows down and in other countries it's just
picking up, the percentage of spam from US zombies will slowly go down.

-- 
William Leibzon
Elan Networks
william at elan.net



