Dirty Dozen Spampionship – which country is spewing the most spam?

Filed Under: Featured, Spam

With the 2014 World Cup complete, and the Commonwealth Games just round the corner, we thought it was a good time to publish the latest SophosLabs Spampionship charts.

We measured which computers in the world sent the most spam in the second quarter (April, May and June) of 2014, and turned our measurements into a pair of League Tables.

The first table shows the amount of spam per country by pure volume:

Click for hi-res version...

Click on the image for a hi-res version

The second, more equitable, table takes into account the population of each country, and shows the approximate amount of spam per person:

Click for hi-res version...

Click on the image for a hi-res version

As always, we're not seriously suggesting that spam prevention is a competitive exercise, and we're not implying that the countries at the top of our charts are the worst offenders when it comes to cybercrime.

Remember that the vast majority of spam is sent unsuspectingly from computers infected with malware, so that if you aren't careful, you may end up being part of the problem rather than part of the solution.

Stop to think

Imagine, for a moment, that your computer is infected to the point that unknown cybercriminals from the other side of the world can order it to start sending spam at will.

Now stop to think what else those crooks might be asking your computer to do, such as:

Most of the spam that was counted by SophosLabs for inclusion in the charts above came from a computer that might well have done any or all of the above things, in addition to sending spam.

Spam - it's a world game

So, just as the soccer World Cup reminds us that football is the "World Game", because it's played so keenly in so many countries, we hope the Spampionship Tables are a reminder that spam is a global problem that affects us all.

Of course, it's easy to see the Spampionship Tables as inevitably negative: no matter how much spam there is (or isn't), there will always be a Top Twelve, and if one country falls out of the charts, another will take its place.

But there are some good points this quarter, most notably that the top per-person spam relaying countries are no longer as far in front as they were before.

As we have come to expect, the US tops the "by volume" charts, simply because it has a large population and the bulk of the world's internet infrastructure.

Because of that, our Spampionship has adopted the custom of using the US as the benchmark per capita figure, so that other countries are measured by how much more or less spam per person they send.

Simplifying greatly, the average computer in a country that weighs in at 2x the spam-per-person of the US probably has about twice the chance of being infected with malware.

Similarly, if computers in your country are, on average, twice as well protected (and your users twice as cautious) as in the US, you'd expect to show up with a spam-per-person rate of 0.5x the US figure.

Big improvement in Belarus

In 2013, Belarus was the per capita spam frontrunner with a spam rate ranging from 4x to nearly 30x that of the US.

This time, Belarus has given up first place to Bulgaria, with both those countries coming in at about 2x the US figure

Some other points of interest from the latest tables are:

  • Switzerland has come from way behind (having been no higher than 20th in the previous three quarters) to win the Bronze medal. If you're Swiss, I urge you to check your computer for malware right away, just in case.
  • Luxembourg has held onto its fourth spot, for the third time in the past year. We aren't sure why, but for a developed economy in the European Union, that's a bad look. You can do better!
  • France and Italy are making an appearance for the first time in the past year. Italy has been at the fringes of the Top Twelve (14th) before, but France has been no higher than 27th. Quel dommage.
  • Despite being the clear winner by volume every quarter since we started the Spampionship, the United States has never been in the per capita Top Twelve before. This time, the US just sneaked into 12th place.
  • Last quarter's "little countries", population wise, were The Bahamas and Macau; they've dropped out of the charts this time, letting Iceland back in for the second time in a year.
  • The only South East Asian country in the per person Top Twelve is Taiwan, down to 11th after spending the back end of 2013 in third position.

The bottom line

In summary, we aren't pointing fingers at you if you come from one of the countries at the top of our chart.

But we do want you to remember that almost all of the spam that SophosLabs receives in its spamtraps is there with the help of someone who slipped up with their security.

Don't give the cybercrooks a foothold to carry out their crimes: kill-a-zombie today!

Kill-a-Zombie with the free Sophos Virus Removal Tool

This is a simple and straightforward tool for Windows users. It works alongside your existing anti-virus to find and get rid of any threats lurking on your computer.

It does its job without requiring you to uninstall your incumbent product first. (Removing your main anti-virus just when you are concerned about infection is risky in its own right.)

Download and run it, wait for it to grab the very latest updates from Sophos, and then let it scan through memory and your hard disk. If it finds any threats, you can click a button to clean them up.

Click to go to download page...

, , , ,

You might like

2 Responses to Dirty Dozen Spampionship – which country is spewing the most spam?

  1. Anonymous · 59 days ago

    What's a commonwealth? :)

    • Paul Ducklin · 59 days ago

      This is not *a* Commonwealth, such as Massachusetts or Australia, but *the* Commonwealth, or more, properly, The Commonwealth of Nations.

      Basically, you have to be [a] a former British colony that isn't America or [b] Mozambique, which is bordered all around by former British colonies (except for the part that's bordered by the sea, of course) or [c] Britain.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog