Spammers versus spam senders
There’s a big difference, because spammers generally don’t send their own spam in bulk any more. That hasn’t worked for a decade or so, because if you send 10,000,000 unwanted emails as fast as you can from the same server, or even the same data centre, you make an easily-identified target. So 1,000,000 of the messages might get loose before either the data centre (if it cares, and reputable ones most definitely do) or the majority of your recipients, or both, say, “No more!” Not only are you blocked from sending the remaining 9,000,000 emails from your truncated campaign, you probably can’t use those same servers again for days, weeks, months, perhaps ever.
How spam is delivered
Enter the botnet, or robot network. That’s an unwitting collection of surreptitously co-operating zombie computers – in homes, at offices, in coffee shops, at the mall, by the beach – that regularly call home for instructions to servers that the criminals control. The crooks can send each bot in the network a list of email addresses, and then command the entire botnet to start a giant spam campaign. Using bots, those 10,000,000 spams can be sent, say, in 10,000 batches of 1000 emails at a time, presenting a much less obvious pattern to those who defend against spam. (And sticking those 10,000 bot-infected users with the cost of the bandwidth, if you don’t mind.)
Why spam matters
I used the words “unwitting” and “surreptitious” above because, although some users may knowingly participate, the majority of botnet spam senders don’t even realise they’re doing it. That’s why we publish the SPAMPIONSHIP tables: not to lay wholesale accusations of cybercriminality against entire countries, but to raise awareness of something we’ve said a number of times recently, since it’s Cyber Security Awareness Month:
If you don’t make an effort to clean up malware from your own computer, you aren’t part of the solution, you’re part of the problem.
We’re not pointing fingers here at anyone who ever made a mistake and ended up infected by malware, but we do want you to be mindful of the consequences of inaction. For as long as you fail to do anything about spambot malware on your computer, you’re actually helping the crooks to make money, and putting the rest of us, no matter how modestly, in harm’s way.
The SPAMPIONSHIP tables
And with those firm-but-fair words behind us, here are the latest figures showing spam by volume on a country-by-country basis:
As you can see, the top of the table is surprisingly consistent, with the countries in the first five places having all been in the Dirty Dozen throughout the year. Of course, you probably expected to see India and China in the list: they each have populations exceeding 1 billion people, so it would be surprising not to see them near the top. Nor is is surprising that the USA is in the Number One spot yet again, this time sending nearly three times as much spam as second-placed Belarus. After all, the US has 30 times the population of Belarus, and internet access is much more strongly established, so you would expect a higher proportion of Americans to have their own computers and to use the internet regularly. It’s when we turn the SPAMPIONSHIP into a per capita comparison that things get interesting:
Here, the numbers next to each country denotes the average spamminess per person compared to the USA. In other words, we divided each country’s spam total by its population, then divided every country’s spam-per-person value by the figure for America. Obviously, that makes US = 1.00, and tells us that the average computer in Belarus was eleven times more likely to send spam than if it were in the USA. Israelis, whose propensity for sending spam sneaks the Middle Eastern country into twelfth place on chart for the first time this year, were 1.8 times as likely as Americans to be spam senders. The per capita chart doesn’t do any favours to small countries, which tend to hide near the bottom of volume-only lists, even if their computers are awash with zombie malware. US neighbour The Bahamas, for example, made it to eighth spot, with double the likelihood of its computers spamming compared to the US. Luxembourg got up to fourth spot, with a spammishness 2.7 times than of the US, up from sixth in Q2 and seventh in Q3.
You can read the original article, here.