India Tops List of World’s Biggest SpammersWritten by Malcolm James on October 23, 2012
There’s been a long tradition, or at least it seems that way, of certain countries carrying the dubious honor of being responsible for the production of email spam. Right or wrong, when one is asked to list countries associated with the nasty stuff, Africa and Russia are usually evoked. Perhaps it was true at one point. The long history of places like Nigeria’s 419 spammers, or the frequent tales out of Russia revealing just how badly behaved some of their citizens can be, have perhaps unfairly painted these nations with the big red brush of spam shame.
Recently, Australia topped the list of the world’s spam producing countries, no doubt raised some eyebrows. It’s safe to ask: why isn’t it possible that the land down under has developed some enterprising young criminals who would rather steal from others than get a real job? And the answer is still the same. When new studies appear touting new countries topping the list of shame, it’s tempting to take the news with a grain of salt. As mom always said, stop and think about it. Does it make sense? Can you see our way to the truth by considering the veracity of the argument? This seems to be the best approach when considering the new study by security firm Sophos Labs.
According to Sophos, you can thank India for “about one out of six spam messages cluttering your inbox.”
Between July and September, 2012, India came in as the number one spam producing country, being responsible for 16.1% of the world’s unwanted email. Here’s the list of shame:
|Rank||Country||% of World’s Spam|
Sophos points out that “India is home to 5.3% of the world’s internet users, making it the third most connected country, after China and the US,” although Sophos also points out an interesting disparity: “At the same time, only 10.2% of the country’s population uses the internet, which equates to a dearth of security measures to protect the region’s computers.”
These facts, combined with the fact that the country also has 1.2 billion people, it’s not a stretch that the country represents a top source of spam. In fact, India has topped the Sophos list before, albeit in the first quarter of this year, it came in at a more conservative 9.3% of the world’s spam production.
But Wait! There’s More!
A key fact begins to unravel the news. Sophos points out that while the source may be India:
“the numbers suggest that many of the country’s ill-protected machines have been turned into spam-spitting zombies in botnets.”
In fact, it’s even the case that India is a victim, not just in the zombieism that’s turned the country’s computers into some other spammers’ bitches, but also in the fact that Indian computers are the target of online threats as well, according to Sophos.
Also notable in the list are the high (#2) ranking of Italy and the first time Saudi Arabia has shown up on Sophos’ radar, coming in at #4.
Drawing from the Sophos study, The Business Standard points out that this “is likely caused by the Festi botnet which successfully infected many computers there in August and then used the computers to swamp the rest of the world with large quantities of spam.”
Additional newbies to the list including Turkey and Germany, and countries like Pakistan, Russia, and Poland have dropped off the list this quarter.
If there’s any takeaway here, it’s that these lists are exceptionally deceiving (not Sophos, just the lists) in representing where the world’s spam is really coming from, and that usually equates to the spammers just getting smarter. They’re using botnets and any number of other circuitous methods to work their black magic. As such, it’s practically impossible to determine where the spam is really coming from, and that just sucks, because it means stopping them has become that much more difficult.
Let’s face it: spam is an international business, and in the same way that the Internet tore down borders and made the world a global village, new technology and changing laws have made spam production a moving target. All you can do is continue to filter it, keep your users well-informed, and hope for the best.