To help raise awareness of the continuing plague of spam worldwide, Sophos releases a quarterly list of the Dirty Dozen spam-relaying countries. Coming in first place in our latest ranking, for the fourth quarter in a row, is the United States; followed by China, Russia, Belarus and Ukraine. Our research shows that zombie computers in the U.S. were responsible for sending 14.5% of spam worldwide, far ahead of any other country.
When you consider that the U.S. has a population of more than 300 million people, a large chunk of whom have computers, it shouldn’t be surprising that spam volume from the U.S. is so large. China meanwhile has a population of 1.3 billion people, so it has its fair share of spam-sending zombies, representing 8.2% of all spam. India, with a population of 1.2 billion, ranks sixth with 3.8% of spam coming from that country.
Looked at another way, when we divided spam volume by a country’s population, we see that smaller countries have an even bigger spam problem than America.
On a per capita basis, Belarus shoots to the top of the list, followed by Kuwait, Taiwan, Kazakhstan and Uruguay. Even tiny Luxembourg makes this list because computers in that country are more than twice as likely as a computer in the U.S. to send spam.
Paul “Duck” Ducklin, Senior Security Analyst at Sophos, writes at Naked Security about the Dirty Dozen “Spampionship” among countries; and he reminds us why the spam problem is more serious than just annoying. As Duck explains, spam comes from computers that are part of a botnet operated by cybercriminals. And that means spam-sending zombie computers have malware on them that could be used for even more nefarious purposes.
“The spam aspect is just a symptom—the start of the problem,” Duck says in an interview with SCMagazineUK.com. “Zombie malware means the crooks are already on the inside. We don’t know what else [cybercriminals] are doing inside networks.”
Battling the botnets
How do we fight back against spam and related threats? ISPs, national law enforcement, and companies like Microsoft certainly aren’t taking the problem lying down. At the beginning of December, the masters of the ZeroAccess botnet had essentially given up after Microsoft and law enforcement struck at ZeroAccess’s command and control servers.
But we can all do our part to stop spam, and it begins with keeping our computers free from the threats that harness our PCs within botnets. Remember: if your computer is infected with zombie spam-sending malware, you are part of the problem!
Sophos Techknow Podcast: Understanding Botnets
In this episode of our Techknow podcast series, Paul Ducklin chats with SophosLabs Senior Threat Researcher James Wyke about what botnets are, how they work, and why we all need to do our part to fight back against them.
Listen to the podcast below or on Soundcloud, or download the MP3 for listening later.
Sophos Email Security
Sophos blocks spam and email-borne threats. Our Email Appliance is ideal if you want an appliance dedicated to message security with advanced DLP and easy policy-based encryption. Or, if you prefer consolidating your network security into a single appliance, our UTM with integrated email protection is for you.
Learn more about email security from Sophos and find out how to sign up for a free trial.