US wins 'spampionship' but zombies everywhere help spew

The U.S. is officially the world’s capital for spam-spewing zombified computers after taking top spot on the 2013 Dirty Dozen Spampionship league table.

Security software firm Sophos has revealed the results of the top spam-relaying nations. Once again it was the U.S. which collected the title, generating 14.5 percent of the total spam volume sent.

However, the gap to second place narrowed, with China reemerging as a major player in the spam sending Dirty Dozen, leaping from 4.6 percent to 8.2 percent, while Russia’s spam contribution edged up from 3.0 percent in Q3 to 5.5 percent.

The Dirty Dozen results were compiled to show where in the world are the origins of the greatest volumes of spam during the final three months of last year. Sophos senior security analyst Paul Ducklin said the most obvious message of the Dirty Dozen charts was that the problem of zombified computers spewing spam is truly a global one.

”Every region of the world is strongly represented, with the exception of Africa,” Ducklin said. What's more, many contributors are unwitting accomplices.

Spammers have unwitting helpers

Spammers don’t send spam themselves: they use botnets, or “zombie armies” of malware-infected computers to distribute their spam for them, almost always without the owners of the infected computers being aware. In most cases, the countries in the Dirty Dozen made it onto the list because a statistically significant proportion of their residents were conducting business online using computers that were actively infected by remote-control malware, Ducklin said.

spam

”So the spam aspect is just a symptom—the start of the problem,” he added. ”Zombie malware means the crooks are already on the inside. It’s up to you to turf them out.” Compared to the U.S., the results show things have stayed pretty stable.

Belarus retained its top spot, with the average computer there over ten times more likely to send spam than if it were in the U.S.

Meanwhile, other countries such as Uruguay, Taiwan, Luxembourg, and Macedonia continue to jockey for positions in the top 12.

The only significant move came from Kuwait, with figures showing there had been almost a three-fold increase in spam-relaying per capita, growing from 2.1 times the U.S. figure per capita, to 6.07, to elevate it to second place in the table. According to Ducklin, the Spampionship League Tables are not intended to suggest that individual nations are actively involved in illegally sending spam, but are designed to raise awareness of just how many computers are potentially infected with spam-relaying malware.

“If your country isn’t in the Dirty Dozen, it’s easy to feel smug, or at least complacent,” he said. ”Don’t do that: if you’re a spam sender, Dirty Dozen or not, you are a net positive contributor to cybercrime.”

Subscribe to the Security Watch Newsletter

Comments