China-S. Korea Combo Overtake U.S. As Biggest Spammer

Together, China and South Korea now account for more spam than the U.S.
While the U.S. retains the dubious title as the world's top spammer, its slice of the spam pie is getting thinner, said a report published Wednesday by a U.K.-based security firm. Together, China and South Korea now account for more spam than the U.S.

According to Sophos, which scanned all the spam messages trapped by its filters and categorized them by originating county, the United States was responsible for 26.4 percent of the globe's spam in the last six months., down from 41.5 percent in 2004 during the same stretch.

"It’s not the main reason, but one of the reasons is CAN-SPAM," said Graham Cluley, a senior technology consultant for Sophos, referring to the legislation that went into effect in January, 2003.

While other analysts have dismissed the impact of the CAN-SPAM Act -- going so far as to call it a "miserable failure" early in 2005 -- Cluley believes that prominent spammer prosecutions have contributed to the drop. But it's not the only factor driving the decline.

"ISPs have gotten better at blocking spam, they've gotten together to form anti-spam associations and task forces, and they've done a better job of educating their users about spam," Cluley added.

"And Windows XP SP2 is having an effect, what with its primitive firewall and its status center that tells users if their anti-virus signatures are out of date," said Cluley.

Spam could also be a victim of its own success, Cluley said. "It may be because more people and ISPs are running anti-spam software, but it could also be that spammers themselves are finding the spam market is not as lucrative as it once was. If I was a criminal just getting online, I wouldn't necessarily think that spam would be the thing to do." Instead, Cluley argued, former and potential spammers are turning to other e-criminal activities, including phishing and spyware, to make their ill-gotten gains.

Even as the U.S.'s part in spam slips, other countries, especially South Korea and China, have stepped up to fill the gap. In the first half of 2005, South Korea accounted for 19.7 percent of the world's unsolicited e-mail, up from 11.6 percent in 2004. China, meanwhile, was responsible for sending 15.7 percent of all spam this year, compared to just 8.9 percent last year. Together, they account for slightly more spam than does the U.S. alone. In 2004, China and South Korea combined were responsible for less than half as much spam as the United States.

It's easy to understand why China's participation is growing, said Cluley: simple math. "There's a vast number of computers available to spammers in China.

"South Korea, though, is a unique story. It's so high on the list because it has an incredibly dense Internet infrastructure. By some reports, as much as 90 percent of home computers in that country use high-quality broadband connections to the Internet."

That's exactly what spammers are after. Most spam continues to come from zombies, PCs hijacked by hackers, collected into networks, and then rented out to spammers. Sophos claims that approximately 60 percent of all spam originates from zombies. "That number, if anything, is an underestimate," said Cluley.

Defending a computer against hijack, said Cluley, is easier if Windows XP SP2's installed on the PC. "Generally, SP2 computers are relaying much less spam than those running other versions of the operating system." It's why the U.S. and Canada have seen their part in spam drop so dramatically, and conversely, why countries like China, where PCs are more likely to be running older versions of Windows, are responsible for more spam than ever.

If everyone does his or her part, he added, spam could be slammed. "We're all sick to the back teeth of spam, but we all can make a contribution by not buying from spammers and securing our home computers with the latest operating systems and patches."

Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
John Abel, Technical Director, Google Cloud
Cynthia Harvey, Freelance Journalist, InformationWeek
Christopher Gilchrist, Principal Analyst, Forrester
Cynthia Harvey, Freelance Journalist, InformationWeek