The Dirty Dozen spamming countries - introducing the SophosLabs SPAMMIERSHIP League Tables!

Filed Under: Featured, Malware, Phishing, Security threats, Spam

Once every three months, we tot up our country-by-country spamtrap statistics for the previous quarter and calculate the Dirty Dozen.

Of course, this is one "competition" in which getting promoted into the Premier Division of spam senders is a cause for disappointment, not jubilation.

The promotion/relegation analogy is particularly apposite this time.

Three countries exited the Dirty Dozen this quarter, but didn't drop any lower than the Serie B of spam (places 13-24 on the table).

Likewise, the three countries that took their place in the top flight all came up from the 13-24 range.

And, just like in your favourite football league, the majority of the high-flyers stayed put at the top.

Welcome, then, to the SophosLabs SPAMMIERSHIP League Table:

Click on the image above for a higher-resolution version.

But is it so surprising that the USA is the Man United of the SPAMMIERSHIP, "winning" as often as not, or that China and India are often found near the top?

With more than a billion people each and a thirstily-increasing demand for internet access in both countries, where else would you expect to see China and India except in the Dirty Dozen?

And with more than 300 million people and the lion's share of the world's internet connectivity, where else would you expect to see the USA than leading the pack outright?

What, then, if we scale the scores up or down in proportion to each country's population?

Now things get interesting, becase a rather different story emerges:

Click on the image above for a higher-resolution version.

Half of the volume-based culprits are gone, and countries that would usually fly under the radar when measured on spamming volume alone - like Luxembourg and Singapore - suddenly burst onto the scene.

Don't be surprised.

This doesn't mean that usually law-abiding Singapore has turned into a seething swamp of spam-related cybercriminality.

Remember that although the Dirty Dozen denotes the extent to which a country's computers are used for delivering spam, it doesn't tell us where the spammers themselves are located.

That's because most spam is sent indirectly these days, especially if it is overtly malevolent, such as:

  • Phishing emails. These try to lure you into entering passwords into mock-ups of a real site such as your bank or your webmail account.
  • Malware links. These urge you to click links that put you directly in harm's way by taking your browser to hacked websites.
  • Malware deliveries. These use false pretences, such as fake invoices, to trick you into opening infected attachments.
  • Identity theft. These invite you to reply with personally identifiable information, often by claiming to offer work from home opportunities.
  • Investment scams. These talk up investment plans that are at best unregulated and at worst completely fraudulent.
  • Advance fee fraud. These promise wealth or romance, but there are all sorts of fees, bribes and payments to hand over first.

If the crooks behind this sort of cybercrime were to use their own computers, they'd never be able to send the volume of spam they'd like.

Also, using their own computers would lead law enforcement to their digital doorsteps.

Instead, cybercriminals rely heavily on bots, also known zombies: innocent users' computers that are infected with malware that regularly calls home to download instructions on what to do next.

Those instructions may say something such as "here is a boilerplate email message, and here is a list of email addresses - send a copy to everyone on it."

So, if your country is in the Dirty Dozen, it almost certainly has a much-higher-than-average number of unprotected computers that are actively infected with malware.

And if a cybercriminal can secretly tell your computer to send spam to 1000 people you've never heard of - leaving you to argue with your ISP why you shouldn't be thrown off line for antisocial behaviour - then ask yourself this: "What else could he get up to on my account?"

In short, the SPAMMIERSHIP League Tables are meant as a light-hearted way of reminding us all of one very serious aspect of computer security: namely that if you put yourself in harm's way, you'll probably end up harming lots of other people, too.

In other words, getting serious about computer security is the easiest sort of altruism: by protecting yourself, you help to protect everyone else at the same time.

, , , , ,

You might like

14 Responses to The Dirty Dozen spamming countries - introducing the SophosLabs SPAMMIERSHIP League Tables!

  1. John · 464 days ago

    USA is thr top of the list in volume because, like the cause of most gun accidents in the USA, Americans, by and large, are lazy and stupid. (Yes, I am an American). The reason this does not stop is bacause no one considers it as anything but annoying.

    • Paul Ducklin · 463 days ago

      Interestingly, the main point of the article is to suggest that, as much as some Americans like to demean themselves, the US isn't really top of the list at all.

      FWIW, the numbers in the second graph - Singapore at 15 up to Belarus at 271 "spamminess units" - were acquired by scaling the US spam/person figure to 1, and the US is (from memory) down in 25th place.

      As far as explaining why the US is above, say, Luxembourg *in volume*, I suggest that having 300,000,000 people instead of 450,000 might have a bit more to do with it than any generic character traits of those people, real or imagined.

  2. Anonymous · 463 days ago

    You really need to adjust by number of computers (or, say, Windows installations) in a country, rather than number of people.

    • Paul Ducklin · 463 days ago

      Adjusting by population is a good start, wouldn't you say?

      In the developing world, no. of people probably over-estimates the number of computers - or, at least, devices - but in the developed world, under-estimates.

      However, no. of computers is itself harder to estimate than population.

      As for "Windows installations" - seems you are implying that Mac users are immune to this stuff :-)

  3. Paul Ducklin · 463 days ago

    Commenting on my own article :-)

    In case you are wondering what the "271" means against Belarus in the second table, or "15" against Singapore, and so on: I scaled the per capita figures so that the USA had the value 10. Simple as that.

    FWIW, the USA came in at #25 on the per capita table.

    [Note: I updated this comment at 2013-07-18T09:46Z - I originally said US=1 but it should be US=10, making the worst performers not quite as bad as I might at first have implied!]

  4. ASnert · 463 days ago

    There are FREE firewalls that monitors incoming AND outgoing traffic; thus one knows if something tries to 'call home'. They work. Yes, there's perstersome notifcations that an obscure app wants to call Momma. The firewall I use has boxes I can click so I can deny/allow the app and 'Remember This Choice' - so I can let the apps I trust to automatically update. So simple.

  5. Andrew · 463 days ago

    wow wouldn't you Adam and Eve it, the USA on top of the list. well Government like wise people I suppose lol.

    • anonymous · 463 days ago

      What does that even mean????

      • Paul Ducklin · 462 days ago

        Are you asking, "What does 'to Adam and Eve it' mean?"

        If so, 'to Adam and Eve' is rhyming slang for 'to believe.' British English around the world has plenty of these. You can't really work them out. You just have to learn them :-) For example, Aussie surfers might talk about a "Noah," but unless you knew that was short for "Noah's Ark," which rhymes with "shark," you'd be lost.

        Or are you asking what the second sentence means?

        If so, I am not sure either.

  6. Glen · 462 days ago

    How do we know whether or not another country is behind these smaller countries just trying to throw off suspicion.

    • Jared · 448 days ago

      With the amount of proxie companies out there who actually knows?

  7. Michael Parsons · 462 days ago

    Very interesting to see the population comparison - I would have expected at least two of those countries to have higher than usual levels of protection against infection, so to see them so high on the list is a notable surprise.

  8. Michael · 462 days ago

    It's OK we will all be saved from fraud because the Americans have PRISM to save the free world.

    God Bless America

  9. Rob Palmer · 461 days ago

    I'm concerned about the waste of time over a span of time that one (me) wastes checking this stuff to make sure something you customarily have drop in your inbox hasn't landed here. The latest yahoo is pokey opening the spam folder (they should make it selectable) , and this wastes more time. I feel that E-mail handlers should also provide for auto deletion of this stuff, and it could at the same time send a desist message to the sender. Please don't send me another offer of a Russian girl friend!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog