India becomes the king of the spammers, stealing America's crown

Filed Under: Botnet, Featured, Malware, Phishing, Social networks, Spam

Spam. Image from ShutterstockThe experts at SophosLabs have released their latest "dirty dozen" report detailing the world's top spam-relaying countries - and we've discovered that in the space of a year, India has overtaken the United States to become the top global contributor to the junk email problem.

If you have a spam in your inbox, there's an almost one in ten chance that it was relayed from an Indian computer.

The top twelve spam relaying countries for January - March 2012

1. India 9.3%
2. USA 8.3%
3. S Korea 5.7%
4= Indonesia 5.0%
4= Russia 5.0%
6. Italy 4.9%
7. Brazil 4.3%
8. Poland 3.9%
9. Pakistan 3.3%
10. Vietnam 3.2%
11. Taiwan 2.9%
12. Peru 2.5%
Other 41.7%

The vast majority of spam comes from home computers that have been compromised by hackers, and commandeered into a botnet. Remote hackers can send spam from recruited computers, as well as potentially steal information or install other malicious code.

The good news is that overall throughput of global email spam messages has decreased since Q1 2011.

This is partly because of better work by ISPs around the world, but also reflects a change in tactics by cybercriminals. Spammers are increasingly finding traditional email spam ineffective, turning to social networks to spread these kinds of marketing spam campaigns instead.

Facebook and Twitter have for some time been targeted with campaigns but, most recently, hot new social network Pinterest has been used by spammers to distribute posts linking to webpages offering to sell goods, or earning commission for the spammers.

While basic marketing spam decreases, the number of messages that spread malware or that represent more targeted attempts to phish usernames, passwords and personal information is increasing.

The latest stats show that, as more first-time internet users get online in growing economies, they are not taking appropriate measures to block the malware infections that turn their PCs into spam-spewing zombies.

Don't allow your computer to be a contributor to the global spam problem. Defend it with up-to-date anti-virus software, and take care over the links that you click on and the software you install.

Spam image, from ShutterStock

, , , , ,

You might like

9 Responses to India becomes the king of the spammers, stealing America's crown

  1. Jason Harry · 728 days ago

    WOW! How come China isn't on this list?

    • Chester Wisniewski · 727 days ago

      China restricts access to email servers and requires a license to operate one. That doesn't stop them from spamming entirely, but it does seem to lower the volumes we receive. Not sure if the Great Firewall blocks a lot as well. Of course Naked Security is blocked there, so we aren't likely to get any feedback from the Chinese.

      • Jeremy · 727 days ago

        Is naked security blocked due to a political reason or simply for having the word 'naked' in it? (Wouldn't see how it could be anything but keyword filtering)

  2. Indians so far have been the victims of spam, especially email spams, NOT the source of spams. However, it is intriguing to read how they TOP as spammers. Still, I feel that Indians are unwilling partners in SPAMMING generated by others.

    • dmitry · 727 days ago

      Well, every nation has been a victim of spam, so it's true for Indians too. But since a significant portion of spam is sent from "botnets" today, Sophos' report simply indicates the amount of spam "relayed" via infected computers located in those countries. For the most part, it doesn't indicate the origin of the spammers, who can be anywhere.

      It is still important to highlight networks in which countries get abused the most by spammers. This problem can be managed through better policies, security education, technical measures, etc.

      If you look at the Internet usage statistics (http://www.internetworldstats.com/stats.htm), you'll see that the US has 245 Million Internet users vs 121M in India vs 40M in Korea.

      So, the Sophos' statistics suggest that the number of infected machines in India abused by spammers is at least twice as much as in the US. In reality, it's even bigger, since a certain percentage of the US spam portion represents abused mail services and other types of non-botnet spam.

  3. elevensecurity · 727 days ago

    India took over as the top spammer right after and as a result of the Rustock takedown in March of 2011. When Rustock was shut down this mainly affected Western industrialized countries where most Rustock-controlled bots were so the spam output of the US but also the likes of UK and Germany dropped drastically. India had been number two behind the US before and was largely unaffected by the Rustock takedown. With the exception of May 2011 when Brazil took the spam crown for a month, India has been on top ever since. In fact, India did not signifivcantly increase its spam output. Rather it "profited" from the "demise" of the US. We have documented the development in our bi-monthly spam reports: http://www.eleven.de/eleven-security-reports-en.h...

  4. June Etherington · 726 days ago

    There is also a Phone spam from India at the moment. I had a phone call which I believe may have been from India. Saying the were from BT OPTIMISE. They wanted to take remote control of my PC because they claimed I had a virus which wouldn't be covered by the security I already have. My friend had the same call & actually let them do that. But then they stared talking money wanted £59 for 3 month cover going up to over £200 for 2years cover. She ended the call.

    When I got the call I asked them for a number to call them back & the managers name. I then told them I worked for BT & would call them back. Needless to say they hung up. I used to work for Bt but am now retired but it's to say something like that to get them of your back

  5. Reblogged this on Learning From Data and commented:
    The bright side: The good news is that overall throughput of global email spam messages has decreased since Q1 2011.

  6. shtiasa · 288 days ago

    This can probably be due to the fact that most Indian computers are rarely updated-users feel that it is not worth it.Sloppy security practices like default passwords,etc. are also to be noted.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.