- Related Stories
-
Judge denies guilty plea in AOL spam case
December 21, 2004 -
Year in review: Seeking to squelch spam
December 21, 2004 -
ISP wins $1 billion in spam suit
December 19, 2004 -
FTC serves up fully baked spam recipe
December 17, 2004
Researchers at security software company Sophos found that 42 percent of all spam sent this year came from the United States, based on a scan by its researchers of a global network of honey pots--computers designed to attract spam e-mails and viruses.
Sophos said this is evidence that America's antispam legislation simply isn't working.
"When we released the first report back in February, the U.S. had the excuse that the Can-Spam Act had been in existence for only three months," said Graham Cluley, senior technology consultant for Sophos, on Friday.
Source of spam
Machines in the United States generate by far the largest amount of junk e-mail and other online pests.
Country
Share of
spam (percent)United States
42.11
South Korea
13.43
China
8.44
Canada
5.71
Brazil
3.34
Japan
2.57
France
1.37
Spain
1.18
United Kingdom
1.13
Germany
1.03
Taiwan
1
Mexico
0.89
Source: Sophos
South Korea and China came in second and third place, respectively, but together they sent just half as much spam as the United States.
Sophos warned that many spammers are using hacked PCs with broadband connections to send out their spam. This could explain South Korea's position near the top of the list, as it leads the world for broadband penetration.
"Spammers are motivated by one thing--quick, easy money," Cluley added. "There are plenty of spammers who have taken their money-making schemes to the extreme by hacking into innocent third-party computers in an effort to do their dirty work."
"Many of the computers sending out spam are most likely to have had their broadband internet connections exploited by remote hackers. Zombie computers--PCs that have been compromised by hackers or virus writers--are sending out over 40 percent of the world's spam, and many users who fall victim are unaware," he said.
Dan Ilett of ZDNet UK reported from London.
See more CNET content tagged:
Sophos Plc.,
spam,
spammer,
CAN-SPAM Act,
Graham Cluley
Working for an ISP, I have located these hacked PC's, and seen traffic signatures from the system uploading word lists to them. What I have learned from the traffic signatures is that they either use the same software, or the spammers share a lot of code. I have observed advancements in the SMTP engines used on these PC's over the past year or so.
I don't work in abuse, but I wonder how hard would it be to set up a honeypot and seek damages from these spammers? Is this information readily available for ISP's?
At this point, my bet would be with offensive tools similar to Lycos's first attempt (MakeLoveNotSpam) that was downloaded by more than 100000 people in just a few days. Such massive DDOS tools have the potential to coerce spam friendly website providers (or their upstreams) do stop their business relationship with their spammy customers. I eagerly await for more destructive alternatives to appear, and if it slows down traffic from China and Florida, so be it !