Sophos Cloud Optix
The recent majority of spam may not be ‘MADE IN AMERICA’ but it is getting pushed through American computers.
According to the latest stats from SophosLabs, the USA is back on top as the world’s leading spam-relaying country. In the last three months, almost one fifth of all global spam has come from computers in the Land of the Free.
The so-called “Dirty Dozen” of top spam relayers has a few changes from the last time we reported it back in October.
The top twelve spam-relaying countries for December 2012 – February 2013
| 1. USA | 18.3% |
| 2. China | 8.2% |
| 3. India | 4.2% |
| 4. Peru | 4.0% |
| 5= France | 3.4% |
| 5= S. Korea | 3.4% |
| 5= Italy | 3.4% |
| 8= Taiwan | 2.9% |
| 8= Russia | 2.9% |
| 10. Spain | 2.8% |
| 11. Germany | 2.7% |
| 12. Iran | 2.6% |
| Other | 41.1% |
In the latter half of 2012, India had been leading the way but has now fallen back to third, with China leapfrogging into second place after a spell in the lower half of the list.
After the top two, the spammers are distributing their activities fairly evenly across the rest of the list.
Stepping back and looking at spam relay from a continental viewpoint we can see that Asia keeps the top spot (that it has held for some time now). But there has been a significant redistribution – note the shift from India to the US with a 12% swing from Asia to North America.
Top spam-relaying continents for December 2012 – February 2013
| 1. Asia | 36.6% |
| 2. Europe | 27.5% |
| 3. North America | 22.0% |
| 4. South America | 10.9% |
| 5. Africa | 2.6% |
| Other | 0.4% |
All this being said, this does not mean that the spammers themselves have migrated west – only that they’ve just recently had an easier time compromising computers in the US. So what indication might this give us about the security of American computers?
Unfortunately, when it comes to relaying spam, it is true to say that if you are not part of the solution then you are part of the problem. Leaving your computers weakly protected opens you up to attack, but also allows the spammers to use you as an outlet to pollute the internet for everyone else (and makes you – or your country – look like the bad guy).
Don’t allow your computer to be a contributor to the global spam problem. Defend it with up-to-date anti-virus software, and apply application security patches promptly.
If you’re not sure what patches are, or what promptly means in this context, take a few minutes to listen to this quick and dirty Sophos Techknow podcast, and fellow bloggers Chet and Duck will get you up to speed.
Spam inbox and Wall of emails images from Shutterstock.
"When it comes to relaying spam, it is true to say that if you are not part of the solution then you are part of the problem." Well said, Richard.
I'd like to know if SophosLabs wants to be part of the solution, or not. If they want to be part of the solution, as SophosLabs have collected all the data about global spam relays, at the least they should notify the victims' ISPs, which could then help the victims to deal with the problem.
All the security experts repeatedly emphasize the importance of information sharing and global cooperation in combating security problems like botnets, etc. Will they do what they have asked others to do?
Seriously, let's not be naive. I believe security experts will be as good as their words.
Sophos have in the past, and do inform ISPs about botnets and activities on their networks. It should be up to the operator to have robust detection methods in place to detect these kinds of problems, and resolve them before they become a big issue.
There are also already organizations such as Shadowserver (or ACMA and AUSCERT in Australia) who will notify you when they see or have problems reported to them in regards to your IP space.
That's good to know that Sophos have done their part of information sharing and security notification. Thank Sophos for making the Internet safer for all of us.
This list shows the top 12… is it possible to get a *complete* list or a top 100? And I might as well admit that I'm after a complete set of national stats going back 5 years, to see who the worst are in recent history.
Help me!
I read a report that contains dirty dozen spam, 2012, 2013.
Could anybody let me know how regularly the report realease?
I can't find report which contatins dirty dozen, I just saw dirty dozen in Q1 2013 on this website.
I wonder If dirty dozen report releaased on Q1 2013, If released Where can i find it?
Good timing – the new Dirty Dozen will be released in the next couple of weeks! Stay tuned to Naked Security 🙂