Twice a year, Symantec produces the Internet Security Threat Report, a comprehensive report outlining the major trends in Internet security over the previous six-month period. One security concern that is of interest to many people is the growth of spam and spam-related issues. Symantec monitors the source and volume of spam from around the world and uses this information to discuss the major trends in the spam-related landscape.
One trend that has been relatively steady is the largest country of origin for spam messages. In the second half of 2006, around nine out of 20 spam messages were sent from the United States. This highlights that although some other countries are gaining notoriety for being spam havens, the United States is still the number one spam distributor in the world. In fact, spam from the United States outnumbers spam from the second closest country, China, at a rate of seven to one. So although countries like China, Russia, and Brazil are touted as being the origin of the new wave of spam, they have a long way to go to catch up to the spam juggernaut that is the United States.
This is not to say that the spammers themselves are American. The purveyors of illicit pharmaceuticals, gurus of pink sheet penny stocks, and so-called representatives of “your bank” may very well be from China, Russia, Brazil, and other countries, but the spam itself is sent mostly through American computers. This has much to do with the way spam is distributed throughout the Internet. Spammers use computers infected with Trojans and other malicious code as surrogates to send out their bulk emails. This is so that when a spam email is received, it can not be easily traced back to the original sender.
The malicious emailing programs installed on computers around the world can be used to send emails directly from the computer, to send emails through the ISP of the computer’s owner, or used to bounce an email along to another compromised computer. When a computer is used to send a spam email directly, it is detected by Symantec as a spam zombie.
In the most recent Internet Security Threat Report, Symantec has kept track of and compiled a list of the top countries where these spam zombies were detected. Not surprisingly, the United States topped this list as well, although with only a slight lead over other countries. Compared to the much larger proportion of spam received from the United States, this can mean one of two things: spam zombies in the United States are being used to send exceptionally large volumes of spam compared to spam zombies in other countries, or that more spam from the United States is sent through ISPs and other sources than directly from spam zombies in the United States. Since many of the countries with many spam zombies have high broadband penetration (Germany and France, for instance), it is not likely that spammers are able to get a higher throughput of spam from American computers, especially since these countries are the source of much less spam than the United States. The most likely explanation is that spammers are more likely to use ISPs or free email addresses in the United States to send their spam.
As the spam landscape develops, Symantec is constantly tracking and analyzing data so that everyone – from home users to network administrators to executives – can become aware of what the future of the Internet will bring. For more information, download a copy of the latest Symantec's Internet Security Threat Report.