April 20, 2006 5:36 PM PDT

China vies with U.S. for spam title, report says

More spam is now relayed from Asia than any other continent, according to the latest research from security company Sophos.

Asia accounts for 42.8 percent of the spam received by Sophos' global spam monitoring network, with North America in second place with 25.6 percent, the company said on Thursday.

Two years ago, North America was responsible for more than half of the world's spam, Sophos said. Now North and South America combined don't come close to Asia's percentage, said Graham Cluley, senior technology consultant at the security provider.

related coverage
Spam cure has side effects
E-mail ID could wreak havoc on a company's system.

Cluley added that Europe is also becoming a major relayer of spam and now transmits almost as much as North America, with 25 percent. "I won't be surprised if Europe overtakes North America next month," he said.

On a country-by-country basis, the U.S. still relays most spam, with 23.1 percent. China and Hong Kong come second with 21.9 percent of global spam, while South Korea is third at 9.8 percent.

China has many computers running older versions of Microsoft Windows, which contributes to the levels of spam, as machines running older versions of the operating system are more easily exploited by spammers.

South Korea is a particularly tempting target for spammers, as a result of its advanced technology infrastructure and the economic rewards of setting up networks of zombie computers, or botnets, Sophos said.

"South Korea has a fantastic Internet structure with immensely fast connections, and so it is a goldmine for spammers wanting to create botnets," Cluley said.

A ZDNet UK research report released this week found that despite advances made in security technology, there has been little or no reduction in the time IT professionals are spending trying to protect their business systems from issues such as spam and viruses.

"The top 10 viruses in the past 10 months are really old, which suggests the human race isn't winning the war against viruses and spam," Cluley said. "Some people just simply aren't bothered, and they are the ones bombarding the rest of us."

However, Cluley said that Microsoft has made some big differences with XP Service Pack 2. The security-themed update to Windows has made it harder for hackers to break into Windows systems, because a rudimentary firewall and automatic updates are enabled by default, he said.

Antivirus company McAfee agreed that security vendors and cybercriminals were locked into a stalemate.

"It's almost like a game of chess," said Greg Day, security analyst at McAfee. "Spammers try to put our customers in check. We put pieces on the board to block them, then they make their next move," he added.

McAfee and Sophos agreed that spam was unlikely to disappear, and called for Internet service providers, businesses and home users to run antispam software. ISPs have traditionally been reluctant to block any kind of content, although most of the major players now have some form of antivirus protection for their customers.

"It's an issue we've been working on," Day said. "Every person has to protect their own space. But there's a lot of common sense in moving a security level up into the cloud," or in the space surrounding users and ISPs, Day added.

McAfee and Sophos also applauded the recent arrests of spammers, but said that more needed to be done in terms of international law enforcement cooperation.

"When the prosecutions hit the streets, there was a visible downtrend in spam. But these aren't global laws. It's a step in the right direction, but there's definitely scope to work on this," Day said.

Tom Espiner of ZDNet UK reported from London.

See more CNET content tagged:
Graham Cluley, Sophos Plc., spam, North America, South Korea


Join the conversation!
Add your comment
a normal article with a misleading racist headline
A title like this, similar to all other titles that are used to attract western readers' eye balls, will leave a negtive image of Asia and Asian people into those reader's brains, subconciously and eventually lead to hate between races.

I hope this is just one author's biased view, not representing what cnet standards for.

Otherwise, with CNET's influence in the online tech news readers, CNET itself will become the real public enemy!

You can say the fact as it is!
Posted by (2 comments )
Reply Link Flag
Overreacting a little aren't we?
I am in no way trying to devalue your opinions, you are welcome to them. But I think you are over reacting to the headline of the article. I seriously doubt that anyone is going to take a dislike to Asian's and Asian decendants just because we say that "Asia is public enemy #1 for spam". I mean we can all read the full text of the headline. As an american I am personally a little offended that you think I am that stupid and gullible that I would be turned into a Asian hater just because of an article headline.

Yes I will give you that they could have worded it better, perhaps "Asia #1 Spam Source" granted it isn't as exciting, but you are right that it is less inflamitory.

The thing is that here in the states saying that something is "Public enemy #1" is so common place that it is of little meaning anymore when seen in a headline. Just my little opinion.
Posted by iradi8 (4 comments )
Link Flag
Headline changed
While I would hardly characterize the headline as racist, it could have been more nuanced. It's been changed to this:

China vies with U.S. for spam title, report says
Posted by Jon Skillings (249 comments )
Link Flag
Users do care, but are ignorant
The article states that computer users don't care about viruses and other "infections" on their computers. As an IT professional I can say unequivically that this is NOT the case. It's not that users don't care, it's that they are ignorant. Not only of proper security practices, but also of what is actually going on with their computers. I can't count the number of times that I have had my users come to me and ask if I can take a look at their old computer, thinking that it is just old and broken down and needs to be replaced. When in fact the real problem is that it is so loaded down with adware, spyware and viruses, that it can barely open up and e-mail or word doc. After going through it with a fine toothed comb and removing all the junk, adding protections and doing some basic maintinance, they are beyond shocked that the system runs just like it used to when they first got it.

It is the old problem of people not being aware and not being knowledgable about their equipment, I am sure that car mechanics get the same kind of behavior. So saying that users don't care, is not only misleading, it misdirects us from the real problem. At least with cars people have to be licensed to get on the road, too bad the same isn't true of the Information Superhighway!
Posted by iradi8 (4 comments )
Reply Link Flag
Meanwhile US businesses are still the #1 source of spam
The spam might be sent using trojaned computers in Asia (and elsewhere), but it's still, mainly, advertising business located in the US.
Posted by tppp (5 comments )
Reply Link Flag
This is old news...
I have run my own mail server for many years and can tell you that Asia has always been the public enemy #1 for spam. Most US spam follows the legal restrictions set, so it is easy to filter and block. The US may GENERATE more spam, but very, very little makes it through the default filters set in more mail "server" software.

However, Asia has MANY open relays for spammers all over the world to take advantage of, and more likely to use illegal tactics to forge email headers. Language issues also make if difficult or impossible to help administration close holes or resolve issues. Most other countries at least use Google translators to try and respond: where as I get back stuff from Asia that requires special international fonts.

I only get about 1 or 2 messages a week that make it through my filter. 98% of the time this is an IP handled by APNIC (which is Asia's IP registry like ARIN). I block the ENTIRE subnet owned by APNIC and I never see anything from there again. After about 5 years, I had almost all of Asia blocked and only got 1 or 2 spam messages a month, but my server crashed, so I have been building up my block list again.

Asia = Bad Spam Country
Posted by umbrae (1073 comments )
Reply Link Flag
3rd party software to fight spam
"McAfee and Sophos agreed that spam was unlikely to disappear, and called for Internet service providers, businesses and home users to run antispam software."

I have purchased Spam Bully to fight spam. I'm so glad to have control of my Inbox again. This is a great product!
Posted by Lerra (2 comments )
Reply Link Flag
harder for hackers to break into Windows???
> Windows has made it harder for hackers to break
> into Windows systems, because a rudimentary
> firewall and automatic updates are enabled by
> default

Windows is still set by default to give anything admin privilges, incuding whatever you children download from the web, whatever you get by email from unknown sources, whatever you click on when surfing the web, whatever is automatically installed by any CD you put in your CD drive...

The kind of "security" built into Windows (even the "security-themed" WINXP SP2) is the kind of security that lets everything in and every once in a while finds that something got through. An antivirus program would only protect you against known viruses, and only after the virus can be scanned (so it's already in your system). The same with "anti spyware". They don't prevent the things. They just try to remove them once they are already there.

I only use a non-admin account except for software updates, and a few retarded programs (like the one that came with my video capture card that insists on writing to c: and not to a folder). I use a limited account for any access to the web (expept "Windows update"). I have a dedicated old machine used only as a firewall (Smoothwall). I have my email scanned for viruses on the server. I never had a virus. Never had any kind of spyware. I scan for them every few months but they're never there!

Now to spam: I only get spam on email addresses that were published on the web. I don't get spam on any address used normally and haven't put openly in a public place. People get spam because they ask for it. People who take care not to publish the addresses they need to keep in public places don't get spam (well... unless they use a very common usename in a very common domain...). Email addresses are as cheap as dirt. People suffer from spam because they are led by their ISPs to believe that the email address they got from their ISP is indispensible, just like a phone number. That's wrong. Phone numbers are scarce. Email addresses are not. Your ISP could let you have more email addresses than all the phone numbers in the world, and it would cost the same (i.e., it would cost absolutely nothing to the ISP).
Posted by hadaso (468 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.