Re: The Geography of Spam

[sgorman1 () gmu edu]

I should add that I meant to say it matches the fact we gets lots of spam from hijacked machines - not the 30% number.  
We have just been looking at a few machines, but would love to see or hear about anyone who has bigger datasets to work 
with.


----- Original Message -----
From: Brian Bruns <bruns () 2mbit com>
Date: Tuesday, March 2, 2004 11:23 am
Subject: Re: The Geography of Spam

> On Tuesday, March 02, 2004 11:11 AM [EST], sgorman1 () gmu edu 
> <sgorman1 () gmu edu>wrote:
>
> > Thought folks might find this blurb from Sophos on the geography 
> of Spam
> > interesting.  30% of Spam, they report, comes from hijacked 
> PC's.  Matches
> > pretty close to what we see across our network - i.e. all sorts 
> of stuff
> > from swbell.net
> >
> > o U.S. Routes More Spam than World Combined, Study Shows
> >
> > Paris -- Intentionally or not, the U.S. routes more spam e-mail 
> traffic> than the rest of the world combined, according to a new 
> study by
> > anti-virus firm Sophos. The study concludes that most of the 
> unsolicited> junk e-mails originate in Russia and then passes 
> through hacked computers
> > in the U.S. "More than 30% of the world's spam is sent from these
> > compromised computers, underlining the need for a coordinated 
> approach to
> > spam and viruses," said Charles Cousins, Sophos' Asia managing 
> director .
> > The U.S. accounts for a whopping 56% of the global spam pie, 
> followed by
> > Canada with 6.8%. Europe did not fair very well in the report 
> either, with
> > the Netherlands (5th), Germany (7th), France (8th), the U.K. 
> (9th) and
> > Spain (12th) all making the list.
> > http://www.sophos.com/spaminfo/articles/dirtydozen.html
>
> I guess I can say, that I can somewhat agree with what they are 
> saying, but
> the percentage seems to be a bit lower then what I would have 
> said.  With the
> recent round of viruses that seem to be designed to help spammers 
> hijack end
> user machines, I'd say the percentage is more towards 45-50%.  
> Sometimes its
> very hard to tell the difference between an open proxy, and a 
> drone running an
> open proxy (take the AHBL's proxy list, which is over 410,000 
> proxies listed,
> and our infected/hijacked machine count comes nowhere near that).
>
> Part of the reason why alot of the spam comes from outside of the 
> US is
> because US spammers need to hide their actual locations in order 
> to avoid
> getting snared by CAN-SPAM and similar.  This is why Ralsky bases 
> his spamming
> campaigns out of China, where the laws are more relaxed in terms 
> of this
> stuff, and is less likely to get yanked off of his net connection. 
> This is
> also why spammers have 'fronts'.  :-)
>
>
> -- 
> Brian Bruns
> The Summit Open Source Development Group
> Open Solutions For A Closed World / Anti-Spam Resources
> http://www.sosdg.org
>
> The Abusive Hosts Blocking List
> http://www.ahbl.org