by CIO Staff

U.S. Still World’s Top Spammer

Oct 14, 20053 mins

The U.S. is still the world’s top spammer, but the percentage of unsolicited commercial email originating from within its borders is dropping, according to a report published Wednesday by security vendor Sophos PLC.

U.S. computers were responsible for about 26 of the world’s spam during the six months ending in September 2005, the company found. This was a marked drop from the amount of spam originating in the country during the same period last year. In 2004, 42 percent of the world’s spam originated on U.S. machines.

“It has been lowering for awhile… for a number of reasons,” said Graham Cluley, senior technology consultant for Sophos. “One is the antispam task forces and the authorities and the ISPs in North America are getting much better at putting into practice methods that are lowering the amount of spam,” he said.

But even as the percentage of spam from the U.S. has been dropping, the increasing broadband capacity of South Korea and China has made these two countries more attractive sources for spammers, Cluley said. The percentage of spam originating in South Korea jumped from 12 percent to 20 percent over the past year. In China, it went from 9 percent to 16 percent, he said.

The total amount of spam being sent worldwide remains about the same, Cluley estimated.

Spammers often operate by using malicious software to seize control of an unsuspecting user’s PC, turning it into what is known as a “zombie.” Spammers will then assemble a large number of these zombie machines to send out their email messages.

Because of these tactics, countries that have widely available broadband and users who operate older versions of Windows are particularly attractive to spammers, said John Reid a volunteer with the Spamhaus Project, a worldwide anti-spam organization.

And while increased activity by law enforcement and the improved security features of Windows XP, Service Pack 2, have dampened prospects for some spammers, the most effective way to cut back on the problem would be for ISP’s (Internet service providers) to prevent most of their users from setting up servers that use the Internet standard “port 25” number, used to identify themselves as e-mail servers, Reid said.

“If it could be done tomorrow you’d just see spam just drop off the charts,” he said. “And while customers who had set up their own SMTP (Simple Mail Transfer Protocol) servers would be unable to send mail, the vast majority of users would not suffer, Reid said. “There’s no real need for granny… to connect directly from her cable modem to anyone’s SMTP server,” he said.

ISPs, have been reluctant to block port 25, however, primarily because it’s an expensive and time-consuming process, Reid said.

But when ISP’s have managed to block port 25, it has achieved noticeable results, he said. Several major Canadian ISPs are now engaging in this practice, according to Reid, and the percentage of spam originating in Canada has dropped dramatically.

In 2004, Canadian systems accounted for 7 percent of the world’s spam. In the latest Sophos numbers, Canada’s share has dropped below 3 percent.

Reid said he wasn’t surprised by these numbers. “The reason Canada has dropped is because Canada is way ahead in doing this,” he said.

Sophos arrived at its numbers by analyzing all of the spam messages it received during a six month period in its network of spam traps. It found that the top five spam-generating countries were as follows:

1. United States – 26.35 percent

2. South Korea – 19.73 percent

3 China – 15.70 percent

4 France – 3.46 percent

5 Brazil 2.67 percent

By Robert McMillan, IDG News Service