The Dirty Dozen Spampionship: Who's who in the global spam-sending league?

Filed Under: Botnet, Featured, Spam

It's once again time for our quarterly Spampionship charts.

We looked at the sending countries for all the spam in our spamtraps over the first three months of 2014, and turned the figures into a League Table - the sort of league you don't want to win!

Remember that if your country is on the list, we're not implying that you and your fellow countrymen are spam kings.

That's because cybercrooks don't send their own spam: that would be expensive, and easy to track, and would point the finger of law enforcement right back at them.

Instead, the crooks co-opt innocent third parties - like you and me, or our friends and family - to send spam for them.

The criminals use malware-infected computers as remote control "spam robots," better known as bots or zombies, to churn out unwanted and illegal emails on their behalf.

You end up paying for the bandwidth, carrying the risk, and contributing to your country's standing in the Spampionship.

As usual, we've produced two tables: by volume, and by population (per capita):

Click for hi-res version...

Click for hi-res version...

Click on the images for hi-res versions

After all, if we went only by volume, bigger and better connected countries would tend to come out on top no matter how hard they tried to eliminate zombies.

And small countries would tend to lurk in the lower ranks, even if spam-sending malware were rife amongst their residents.

What's new and interesting this time?

There were five new entries this quarter in the per capita chart: Bulgaria, Spain, Macau, Romania and Argentina.

Macau and Romania are appearing for the first time.

Falling out of the per capita Spampionship table this quarter were: Kuwait, Kazakhstan, Ukraine, Peru and Iceland.

If we cut the little guys some slack and remove the three smallest countries, putting the country cutoff at a population of 1,000,000 population instead of 300,000 as we did above, we relegate Macau, Bahamas and Luxembourg.

That would bring Chile, Italy and Ukraine into the table instead.

→ We shouldn't really fiddle with our figures after we've decided on the "rules of admission," of course. But smaller countries can get unlucky, because a single spam campaign that would be a drop in the ocean in a bigger country might make a large difference to its overall per person outcome.

Chile and Ukraine have made it once each into the Dirty Dozen itself the past year; Italy never.

By volume, the biggest surprise is Spain, which surged right up into second place.

That was enough to push Spain into the per capita Dirty Dozen, too, where it made seventh place, up from 11th place a year ago, last time it featured.

France and Japan also produced more spam than they have since we started the Spampionship charts.

Both countries were on the fringes last time (15th and 13th respectively in the Q4 2013 results), but popped up into the middle of the chart this time.

Population size kept France and Japan out of the top 12 per capita, though, with both countries scoring less than the 1 x US benchmark figure. (0.97x for France, and just 0.49x for Japan.)

The US, by the way, came in 27th place in the per capita figures.

The big surprise

The biggest surprise in the per capita table was Israel.

The Middle Eastern technology powerhouse continued its climb in spaminess, from 12th in Q3 2013, to 7th in Q4 2013, to a disappointing third place this time.

With a comparatively small population, Israel's by volume contribution isn't enormous (29th place with 0.9% of the world's spam), but that per capita result - more than three times the rate of our benchmark, the USA - just isn't good enough.

Interestingly, Israel has a reputation for successfully incubating IT startups in the past 20-25 years, including numerous computer security related companies.

Perhaps that historical fact will be an incentive to computer users in Israel to scan their computers for malware?

It certainly looks as though they'd help themselves and everyone else by doing so.

And the winner is...

What can we say about Belarus, out in front in the per capita results for the fourth quarter in a row?

We were determined to find a silver lining, and here it is: although Belarus is still the worst place in the world for spam per person, it is no longer as far in front as it was.

Belarus's score has dropped from 27x as bad as the US a year ago to "only" 4.5x as bad today:

So let's find some encouragement for the Belarussians: "Keep at it, chaps!"

Further information and advice

If you're worried that friends or family members might be unknowing contributors to the spam problem, then you may want to give them a pep talk and a computer security health check.

To help you get started, here are our Do These Three tips from last year's Cyber Security Awareness Month.

By the way, although spam is probably the best known side-effect of a zombie malware infection, that's not all the crooks want your computer for.

Why not listen our Techknow podcast Understanding botnets?

SophosLabs bot-hunting expert James Wyke takes you into murky money making machinery of the cyberunderground:


(Audio player not working? Listen on Soundcloud.)

Previous Spampionship results

, , , , ,

You might like

3 Responses to The Dirty Dozen Spampionship: Who's who in the global spam-sending league?

  1. Do you do a similar league table by OS and version ?

    • Paul Ducklin · 155 days ago

      No. It would be fun! But it might be quite hard.

      I haven't looked at the raw data - I'll have to ask the Labs guys - but in SMTP terms, you almost always only have information generated by a bot to go on. So there's no "law-abiding" email client or the sending server to tell you the truth about the configuration of the source computer. And in TCP/IP terms, I'm guessing a lot of the traffic will emerge from a SoHo router doing NAT, so the OS is unlikely to be obvious, either.

      A good first approximation, though, would probably look like this:

      #1 Windows XP
      #2 Other

      :-)

  2. Nigel · 154 days ago

    I'm moving to Iceland.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog