June 9, 2006 3:47 PM PDT

Spam: Made in Taiwan?

The majority of spam servers are physically located in Taiwan, according to CipherTrust.

In research conducted in May, the e-mail security company found that 64 percent of machines sending out junk mail were in that country. The United States was next with 23 percent, and China was third with 3 percent.

CipherTrust also determined that unwanted e-mail traffic went up as much as 20 percent worldwide in May. The data was gathered using CipherTrust's network of fake "zombie" computers, among other sources, the company said. Spammers typically use networks of zombies, or compromised PCs used without their owners' knowledge, to send out their junk messages.

The company attributed the spam rise to two factors: the demise of antispam efforts by Blue Security, and growing use by spammers of image-only e-mails to defeat filters.

After a distributed denial-of-service attack at its service provider, Six Apart, Blue Security announced it would cease its antispam activities. The Israeli company ran an effort called Blue Frog, which enlisted people to send replies to unwanted e-mails, resulting in a barrage of messages to spam servers.

"They (Blue Security) had hundreds of thousands of clients," Dmitri Alperovitch, a CipherTrust research engineer, said Friday.

As for image-based spam, it's now one of the most popular ways for spammers to combat filters, he added. Text is placed into a message as an image. This allows them to fool some systems that use textual recognition to parse the words of a message to identify e-mails as spam.

Using images, spammers can also more easily alter the print, background color and other identifying factors used by message analysis tools, Alperovitch said.

"It's hard to identify as spam, unless you are using optical-recognition technology, trying to identify characters within an image to recognize as text," he said.

But optical-recognition technology is typically not appropriate for use in antispam systems because it's fairly slow and not extremely accurate, he said.

Alperovitch also said CipherTrust saw 7.4 million new zombies in May. About 24 percent of them are located in China, 9.4 percent in the U.S. and 7.5 percent in Germany. However, Alperovitch noted, there are only thousands of spam servers.

"There are about 5,000 servers who are actually sending the spam to the zombies. Most people would not even see the spam server. Their interaction is only ever with the zombies out there," he said.


10 comments

Only one solution to spam
And that is one that makes some people hysterical: a fee for
each email message. The cost would be so low -- perhaps a
penny a message -- that it would be a very slight charge to
individuals, but that is enough to clobber spammers. Legit
businesses could negotiate their own deals. This SHOULD NOT
be administered by governments or it will serve simply as a tax.
It is likely to be a money saver as the need for mail filters will
lessen.

Some business, or cooperative effort, needs to be established to
implement this, perhaps one that can be offered to individuals
and businesses who volunteer to participate.

Sign me up!
Posted by nicmart (1829 comments )
Here is my twist to this
and most of the fee levied would go to the recipient of the email... This would ensure that people that just like to write a lot of email (think how much SMS and IM teenagers send these days), do not get unfairly penalised, and if you belong to a closed community, most of the fee would stay within that community.

This could also create an industry of people that want to receive as much spam as possible and opt into such options so as to collect as many pennies as possible.
Posted by Flytrap (82 comments )
Tax Won't Work For Zombies
As the article states, the majority of spam email is sent out through compromised "zombie" computers. It is the owner of these computers who would pay an email tax, therefore it will not stop the spammers. Better ways to stop spam include pre-authorizing email senders and better spam filters. I can recognize a spam email in a second usually just by looking at the From or Subject line. If I can do this, a cluster of super computers should be able to do this too.

I will also repeat that email services like Yahoo let their customers down by not providing them a way to block emails at the country domain level. I don't know anyone in Taiwan, China, Koreas, Russia, France, etc. and I do not wish to receive ANY email coming from those domains. The ability to block those domains would cut my spam level by 80%. A recent example of this is a large number of emails I have received pumping penny stocks. I simply look at the email header and see that this spam is coming from France. If Yahoo provided the proper filtering, I would just block France emails entirely.

Example:

Subject: pay attention to the letter fcyi.pk for you to check
Growth stoccks that make your bottom line handsome
For Immediate Release
Allert Issued - Watch FC YI.PK Trade Today!
Fal con E nergy, Inc.

X-YahooFilteredBulk: 82.227.50.180
X-Originating-IP: [82.227.50.180]

inetnum: 82.227.50.0 - 82.227.51.255
netname: FR-PROXAD-ADSL
descr: Proxad / Free SAS
descr: Static pool (Freebox)
descr: desaix-1 (strasbourg_es)
descr: NCC#2003105812
country: FR
Posted by maxwis (141 comments )
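An added illustration of the header check described in the comment above (not part of the original comment or the article): it reads the `X-Originating-IP` header, matches the address against the quoted whois range, and applies a per-country block list. The function names and the `blocked_countries` policy set are assumptions made for this example.

```python
import ipaddress
import re
from email import message_from_string

# Constructed message: header and subject lines as quoted in the comment above.
SAMPLE_MESSAGE = """\
X-YahooFilteredBulk: 82.227.50.180
X-Originating-IP: [82.227.50.180]
Subject: pay attention to the letter fcyi.pk for you to check

Growth stoccks that make your bottom line handsome
"""

# Whois record fields as quoted in the comment above.
SAMPLE_WHOIS = """\
inetnum: 82.227.50.0 - 82.227.51.255
netname: FR-PROXAD-ADSL
country: FR
"""

def origin_ip(raw_message):
    """Extract the X-Originating-IP address, or None if absent or malformed.
    Only meaningful when the header was stamped by a mail system you trust."""
    value = message_from_string(raw_message).get("X-Originating-IP", "")
    match = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", value)
    try:
        return ipaddress.ip_address(match.group(0)) if match else None
    except ValueError:  # e.g. an octet above 255
        return None

def parse_whois(record):
    """Return (networks, country) for an inetnum record; ([], None) if unusable."""
    pairs = (line.split(":", 1) for line in record.splitlines() if ":" in line)
    fields = {k.strip().lower(): v.strip() for k, v in pairs}
    try:
        first, last = (ipaddress.ip_address(p.strip())
                       for p in fields["inetnum"].split("-"))
        networks = list(ipaddress.summarize_address_range(first, last))
    except (KeyError, ValueError, TypeError):
        return [], None
    return networks, fields.get("country", "").upper() or None

def classify(raw_message, whois_records, blocked_countries):
    """Return (verdict, country); unknown origins go on to the other filters."""
    ip = origin_ip(raw_message)
    for networks, country in map(parse_whois, whois_records):
        if ip is not None and any(ip in net for net in networks):
            return ("block" if country in blocked_countries else "accept", country)
    return ("accept", None)
```

The country returned is that of the sending machine, which per the article is usually a zombie rather than the spam server behind it.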
Paying for email is idiotic and pointless
Not only couldn't you administer this except with legal users, but charging users a penny to send an email is a windfall to companies, makes casual emails prohibitive to users, but some bulk emailers could afford it still.
Posted by gubbord (171 comments )
You forget
You forget that it is the zombie sending the spam--so it is the person who has the computer that will be paying, not the spammer. It will be just like those dialers that malware folks install on computers to dial 900 numbers, and you get a bill for hundreds.

The answer to spam may be a new opensource project similar to Blue Security's Black Frog: http://wiki.okopipi.org/wiki/Main_Page
Posted by hawkeyeaz1 (569 comments )
if you pay, it's not email any more
Email works without postage because of the tacit assumption the recipient will welcome the message and be glad to pay his share of the cost of delivering it. Because there's no postage, there's no central postage authority. The public email system is completely decentralized. There's no place to wiretap it. (If you choose a crummy ISP who cooperates with the secret police, that's your fault.)

If there's a central authority, the email system becomes far more complex than it ever was, even more complex than today's filtering monstrosities. Because when you're paying, an email server becomes a banking system, with all the related security and accounting systems. Where there's money, there are thieves and you need safes and bullet proof glass and surveillance cameras.
People like me couldn't afford to run servers for our friends any more. You'd be taking the email system away from us, and handing it to a handful of giant corporations. No thanks. (And if you're already buying email service from a giant corporation, that's your choice and your fault.)
Posted by clsgis (41 comments )
hold the culpable corporations responsible
I trace and report a good fraction of my incoming spam every day. That is, the 5% or so that gets past my source blocking lists.
It comes from bots uniformly distributed worldwide.
The bots are *everywhere*. The bots are controlled through other bots, proxies. You can't trace it that way.

All of it except the stock pumping spam wants you
to go to the spammer's Web site or send mail to
the con artist's (more often than not *Yahoo*) email address.
If the public knew how little Yahoo is doing compared to what it *could* be doing,
Yahoo would be forced to clean up. And they
*could* do it. Mail.com (Outblaze) is bigger
than Yahoo Mail and they *don't* have a fraud
spammer infestation. All it would take would
be a journalist with a backbone to blow the whistle on Yahoo Inc's role in the Nigerian fraud industry.

Most of the spammer Web sites I traced today were
on one little segment of China Netcom. The
spammer is secure there because he knows cnc-noc.net won't do anything. And CNC won't do anything because the companies that connect it to the US, AT&T, Savvis, and Verizon, won't enforce their contract language that says China Netcom has to do something about criminal use.

Why won't Verizon and Savvis and AT&T do something?
Because journalists are a bunch of lapdogs.
They don't dare report the story where a big
famous consumer brand corporation is the bad guy.
AT&T knows nobody will ever blow the whistle
on their knowing collaboration with the criminals
who are destroying the public email system.
Verizon and Savvis know it. The journalists know it. Only John Q. Public is in the dark about where spam comes from and who could stop it and why they don't.

It's easier to write some junk about some company nobody ever heard of that's only peripherally involved in the fight, and stay out of the real culprits' way. And get ready to write the story about how the email system died. Just don't name any names.
Posted by clsgis (41 comments )