Spam watch – U.S. heads the dirty dozen

COMMENT ON THIS ARTICLE

A recent report by a British computer security firm has placed the United States at the top of its list of 12 spam-relaying countries.

While Canada didn’t make it on Sophos Plc.’s Dirty Dozen catalogue, one e-commerce expert says the country is far from being squeaky clean.

The U.S. is the source of 23.2 per cent of the world’s unwanted e-mail for the second half of 2006, according to Abingdon, U.K.-based Sophos. The U.S. was closely followed by China (including Hong Kong) at 20 per cent and South Korea at 7.5 per cent.

Other countries on the latest list are: France at 5.2 per cent; Spain, 4.8 percent; Poland, 3.6 percent; Brazil, 3.1 per cent, Italy, 3 per cent, Germany, 2.5 per cent, UK; 1.8 per cent, Taiwan; 1.7 per cent and Japan; 1.6 per cent. A motley of countries made up the remaining 22 per cent.

While Canada wasn’t one of the “dirty dozen”, this does not mean we do not contribute to the problem, said Michael Geist, Canada research chair of Internet and e-commerce law at the University of Ottawa.

“There is no reason to believe Canadian spammers are any less active – they are likely using servers in other jurisdictions to send their spam,” he said.

Geist said the Sophos report only tracked source computers of spam messages, and not the origin of the unwanted messages. He said Canada remains home to groups that are likely using servers in other countries to send their spam. “In fact, Canada is quickly becoming one of the only major Western countries without an anti-spam legislation.”

Earlier this year, Geist and other industry observers bemoaned the absence, in Canada, of anti-spam legislation.

This deficiency, Geist said, “could turn Canada into a haven for spammers seeking refuge from tougher laws elsewhere.”

Experts at Sophos scanned all spam messages received in the company’s global network of spam traps from April to June this year. “For the first time in more than two years, the U.S. has failed to make inroads into its spam-relaying problem,” said the report.

China and South Korea have made some progress reducing their contribution to the menace, but from the U.S. number has remained virtually unchaged since the previous Sophos report, which covered the period January to March in 2006.

Over the long haul though, the U.S. has made significant progress, since logging a “spam share” of 42.11 per cent in 2004. “They’ve come a long way, they’re numbers have gone down considerably,” said Carole Theriault, senior security consultant at Sophos.

She attributed the reduction to a number of reasons: “Companies [there] are using better security practices, the laws are a lot tougher against spammers, people are more aware and operating systems such as those from Microsoft Inc. have built-in firewalls.”

Asia generates more spam than any other continent, producing more than 40.2 per cent. It is followed by Europe, at 27.1 per cent and North America at 25.7 per cent. South America accounts for 5.5 per cent, while both Africa and Australasia account for 0.7 per cent.

The report said the vast majority of spam is relayed by zombies or bot-net computers. These are machines hijacked by hackers using Trojan or other viruses spread through spam.

Geist does not credit Canada’s lower spam score (of 1.6 per cent) to increased regulatory efforts or consumer vigilance.

“The prime reason is major Internet service providers (ISPs) are doing a better job of filtering outbound spam primarily by blocking Port 25. This limits Canadian-originated spam from getting out,” he said.

Spammers use high-speed Internet accounts to run their own mail server engines to deliver messages. These engines connect to a spam recipient’s mail server directly. The ISP does not see the spam message.

By blocking Port 25, the spammer’s direct connection to the recipient is cut off. If the spammer sends junk mail via the ISP’s e-mail server, the message can be detected and intercepted.

According to Geist, Port 25 blocking has led to a “dramatic reduction of outgoing spam.”

Theriault said Sophos has observed the rise of a new kind of spam campaign called “pump-and-dump”. The scam involves sending out massive numbers of “buy now” messages to jack up stock prices of a certain company. “These are e-mail campaigns that are essentially insider trading scams.”

She said the new spam scam has grown since first tracked by Sophos last year when it accounted for only 1 per cent of spam messages. Pump-and-dump spam now makes up 16 per cent of spam messages in the world.

The methods for controlling spam include installing firewalls and filters but perhaps the hardest remedy is to ignore unsolicited email.

Spam will continue to thrive as long as people buy products advertised by unsolicited email. Of the 500 respondents queried by Sophos, 10 per cent said they bought spam-peddled wares.

In many countries, including Canada, it is difficult to prosecute businesses and individuals involved in spam scams primarily because there is no legal definition of what constitutes spam.

COMMENT ON THIS ARTICLE



Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now