December 24, 2004 3:22 PM PST

U.S. leads the dirty dozen spammers

The United States is in a league of its own when it comes to sending junk mail to e-mail users.

Researchers at security software company Sophos found that 42 percent of all spam sent this year came from the United States, based on a scan by its researchers of a global network of honey pots--computers designed to attract spam e-mails and viruses.

Sophos said this is evidence that America's antispam legislation simply isn't working.

"When we released the first report back in February, the U.S. had the excuse that the Can-Spam Act had been in existence for only three months," said Graham Cluley, senior technology consultant for Sophos, on Friday.

Source of spam
Machines in the United States generate by far the largest amount of junk e-mail and other online pests.
Country Share of
spam (percent)
United States 42.11
South Korea 13.43
China 8.44
Canada 5.71
Brazil 3.34
Japan 2.57
France 1.37
Spain 1.18
United Kingdom 1.13
Germany 1.03
Taiwan 1
Mexico 0.89
Source: Sophos
"Almost a year and millions of spam messages later, it is quite evident that that the Can-Spam legislation has made very little headway in damming the flood of spam," he said.

South Korea and China came in second and third place, respectively, but together they sent just half as much spam as the United States.

Sophos warned that many spammers are using hacked PCs with broadband connections to send out their spam. This could explain South Korea's position near the top of the list, as it leads the world for broadband penetration.

"Spammers are motivated by one thing--quick, easy money," Cluley added. "There are plenty of spammers who have taken their money-making schemes to the extreme by hacking into innocent third-party computers in an effort to do their dirty work."

"Many of the computers sending out spam are most likely to have had their broadband internet connections exploited by remote hackers. Zombie computers--PCs that have been compromised by hackers or virus writers--are sending out over 40 percent of the world's spam, and many users who fall victim are unaware," he said.

Dan Ilett of ZDNet UK reported from London.


Join the conversation!
Add your comment
CAN-SPAM is weak.
If a spammer uses a hacked PC to send mail, he should be charged not just for spam but for his involvement in hacking the PC. This would be very similar to the existing legislation on "possession of stolen goods".

Working for an ISP, I have located these hacked PC's, and seen traffic signatures from the system uploading word lists to them. What I have learned from the traffic signatures is that they either use the same software, or the spammers share a lot of code. I have observed advancements in the SMTP engines used on these PC's over the past year or so.

I don't work in abuse, but I wonder how hard would it be to set up a honeypot and seek damages from these spammers? Is this information readily available for ISP's?
Posted by Dachi (797 comments )
Reply Link Flag
Can Spam is aptly named and strong ...
It's a strongly pro-spam law, it's terms were negociated with the DMA to prevent harming the spammy activities of their members !

At this point, my bet would be with offensive tools similar to Lycos's first attempt (MakeLoveNotSpam) that was downloaded by more than 100000 people in just a few days. Such massive DDOS tools have the potential to coerce spam friendly website providers (or their upstreams) do stop their business relationship with their spammy customers. I eagerly await for more destructive alternatives to appear, and if it slows down traffic from China and Florida, so be it !
Posted by My-Self (242 comments )
Link Flag
damages from these spammers
<a class="jive-link-external" href="" target="_newWindow"></a>
Posted by Al Johnsons (157 comments )
Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.