All hail the new spam king: India


As one of the most-connected countries in the world, computers in the United States have historically been the biggest source of spam on the Internet. That doesn’t mean the U.S. is full of spammers, but rather that the United States is comparatively packed with computers, and a significant number of those have been infected with malware and botnets that put them in the control of spammers. Those spammers, of course, can be located anywhere in the world.

However, recent changes to the spam landscape mean the United States is losing its crown as Spam King. Now, India appears to be the country sending the most spam.

Does the change mean the good guys are winning the war on spam? Or are the spammers just getting more devious?

It’s not easy being number one

Identifying where spam comes from might sound simple — just write a program to analyze spam messages you receive and determine the address of the computer that delivered it to you. (It’s in one of those evil-looking Received lines in the headers of every message.) Then, look up who is responsible for that address — most of the time, that’ll tell you the country (and often the general area) of the particular machine that sent a message. Perform that analysis across millions of spam messages and voilà! Instant rankings of spamming countries!

That’s the basic principle behind all summaries of spam activity, but the reality is a little more complicated. Leaving aside issues like VPNs, misconfigured networks, and abused relays that can greatly obscure the true origin of an email message, you have to make sure the spam you’re receiving (and analyzing) is representative of all the spam being sent everywhere in the world, both in terms of type as well as frequency. Otherwise, your analysis doesn’t have any bearing on global spam activity.
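The Received-header analysis described above, sketched as an added example that is not part of the original article. The prefix-to-country table, the sample messages and the receiving host mx.example.net are constructed for illustration, and only the topmost Received line is trusted because it is the one the receiving server itself wrote.

```python
import email
import ipaddress
import re
from collections import Counter

# Constructed prefix-to-country table using documentation address ranges;
# a real analysis would query a GeoIP or registry allocation database.
PREFIX_COUNTRY = {
    ipaddress.ip_network("192.0.2.0/24"): "IN",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "KR",
}
ADDR_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def delivering_ip(raw_message):
    """IP that handed the message to our own mail server, or None."""
    received = email.message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    # Only the topmost Received line was written by our server; every line
    # below it arrived with the message and can be forged by the sender.
    from_clause = re.split(r"\s+by\s+", received[0], maxsplit=1)[0]
    match = ADDR_LITERAL.search(from_clause)
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        return None

def country_of(ip):
    if ip is not None:
        for network, country in PREFIX_COUNTRY.items():
            if ip in network:
                return country
    return "??"  # no usable address, or address not in the table

def rank_countries(messages):
    """List of (country, count, percent of sample), largest first."""
    counts = Counter(country_of(delivering_ip(m)) for m in messages)
    total = sum(counts.values())
    return [(c, n, round(100 * n / total, 1)) for c, n in counts.most_common()]

# Constructed sample messages; mx.example.net stands in for the receiving server.
SAMPLES = [
    "Received: from a.example ([192.0.2.10]) by mx.example.net\n\nbody",
    "Received: from b.example ([192.0.2.77])\n\tby mx.example.net\n"
    "Received: from c.example ([198.51.100.5]) by b.example\n\nbody",  # forged hop
    "Received: from d.example ([198.51.100.9]) by mx.example.net\n\nbody",
    "Received: from localhost by mx.example.net\n\nbody",  # no address literal
]
```

Calling rank_countries(SAMPLES) counts the second message under its real delivering address rather than the forged hop beneath it, and files the message with no address literal under "??".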


It turns out this is no small feat. Different outfits take different approaches to the problem. Some provide security services and products for consumers and businesses, and generate their reports based on the spam their products catch on behalf of their clients. Sometimes their clients are huge, so the services see a lot of spam. Others set up so-called “honeypot” addresses (email addresses designed to do nothing but receive spam) and publish them widely on Web sites, newsgroups, social networking services, and other places to make sure they get into spammers’ databases — then analyze everything they receive. Still other companies operate email services, and base their assessments of spam on what users do (and don’t) report as spam. Others are network or email services operators, and simply watch their own network traffic and make a note when they see a message bearing the characteristics of known spam.

None of these approaches are perfect, so many outfits use a combination of these techniques (and more besides) to try to get a picture of the state of email spam around the world. But there will still be major gaps, thanks to geopolitics and cultural barriers. For instance, thanks to the Great Firewall, no Western security or email firm has much of a notion of the spam situation in China — and China boasts more Internet users than any other country on Earth.

So, it should come as no surprise that the folks trying to track spam almost never fully agree on where spam originates.

Security firm Sophos has made a habit of publishing a “dirty dozen” list of the top 12 spam-sending countries, updated four times a year. For January through March 2012, Sophos says India took the top spot, with computers there sending some 9.3 percent of the spam Sophos analyzed. The United States came in second with 8.3 percent, and from there the amounts drop off quickly: South Korea was third with 5.7 percent, and Indonesia and Russia tied for fourth with 5 percent each.

Kaspersky, a security firm based in Russia, comes to somewhat different conclusions — presumably because the ways it’s sourcing spam are different from those used by Sophos. Nonetheless, for March 2012 Kaspersky found India the top source of spam, sending some 12.3 percent of spam messages it analyzed. (Kaspersky also gave India top ranks for January and February 2012.) But there Kaspersky parts company with Sophos, consistently ranking Indonesia as the number-two spam sender, with Brazil, Vietnam, and South Korea consistently ranking above the 5 percent mark. For Kaspersky, the United States isn’t number two: in fact, it never even cracks the top ten.

German email security firm eleven also marks India as the top origin country for spam during March 2012, accounting for 11.7 percent of all spam for the month. But guess what? The United States isn’t number two, and neither is Indonesia. Instead, the Russian Federation ranks number two, accounting for 7.5 percent of all spam. Brazil ranked third with 7.1 percent, and while Indonesia and Vietnam round out the top five, neither of them broke the 5 percent barrier.

Confused yet? SpamRankings is an academically driven project that looks at messages sent by systems listed in a pair of widely used blocklists (one uses honeypots; the other is more complex, using high-volume mail systems). SpamRankings still has the United States in first place for March 2012, although India was in first place in February. SpamRankings put the United States back on top in March thanks to a surge in spam from a single Web hosting company.

None of this means India has suddenly become a nation of spammers — just that the amount of email spam sent from computers in India now seems to exceed the amount sent by computers in the United States and other countries. To be sure, Indians are victimized by spam just as much as anybody else. And, of course, once a computer is compromised via malware, the spammers controlling the system and using it to distribute messages could be anywhere in the world.

Spam declines


Has there been some sudden upsurge in spam from India? The figures — such as they are — seem to indicate no: The amount of spam originating in India seems to have been relatively consistent for the last several months. However, that steady level now makes India a contender for the top spammer crown, since spam levels in many other major spam source countries have recently declined.

What makes spam levels decline? Kaspersky points to the takedown of the Hlux/Kelihos botnet, which sported a command-and-control infrastructure similar to the successful Waledac botnet. One of Microsoft’s coordinated legal-and-seizure actions was against Waledac in February 2011. There have actually been two Hlux/Kelihos takedowns, one in January 2012 (a sinkhole operation in conjunction with Microsoft) and another just a few weeks ago. One of the operators of the botnet has been identified as a Russian employed by an unnamed antivirus vendor.

Sophos attributes the overall downturn in spam not just to the efforts of security firms and ISPs, but also to new tactics from spammers. Although spammers still rely heavily on email spam, they’re increasingly shifting their efforts to social networking services to distribute marketing spam, as well as links to sites that try to infect visiting computers with malware — often making them unwitting zombie members of botnets. Social-network-spamming techniques don’t even have to rely on false marketing, scareware, or drive-by hijacking techniques: Some social network spammers just use the services to pick up commissions as affiliates — like the 24-year-old who claims to earn $1,000 a day spamming Pinterest.

Spam is getting more dangerous


Although overall spam levels seem to be declining in recent months, there are some shifts in the types of email spam being sent: Malware is on the rise. Many security firms report attempts to infect computers with the Zeus botnet via email are on the rise — this despite Microsoft taking a swipe at the command-and-control structure of one of the major Zeus operations last month. While there’s still plenty of spam for prescription medications (it still seems to account for more than one third of all spam), online casinos, too-good-to-be-true job offers, and all the usual, the proportion of spam made up of malware (often sent as attachments designed to look like innocuous documents, receipts, invoices, or photographs) is on the rise.

Security vendors universally recommend that computer users keep their antivirus and security packages up to date, and be very careful about following links or opening attachments in email messages. Even messages that look like they’re from trusted sources might include malware, thanks to increasingly-sophisticated phishing techniques.

What to expect

Just as security researchers and law enforcement are reacting more quickly to botnets and other forms of malware, spammers are adjusting their tactics too.

Malware infections will continue to be the heart and soul of most spamming operations. After all, without being able to use thousands of computers all over the world to distribute their messages (a technique known as “snowshoeing,” distributing their weight) spammers are too easily isolated and shut down. So, spammers are still going to rely on malware to infect computers, take them over, and use them to distribute messages.

However, the speed at which security companies and law enforcement respond to cyberattacks is improving, so spammers are focusing on the quality of their malware attacks (to add zombies to their operations), rather than quantity. Instead of campaigns promoting replica watches or apparel that seem to go on for months (or years!), spammers will rely on sudden, here-then-gone attacks designed to lure users in quickly, infect their machines, then vanish before security operations can fully react. Expect malware spam to increasingly focus on high-profile events (like the upcoming 2012 Summer Olympics in London), holidays (particularly at the end of the year), and messages designed to sound like an emergency in an effort to get users to open an attachment or click a link (fake warnings of suspended accounts, cancelled flights, even police actions). Spammers will also jump on any natural disasters that may occur, including fake messages soliciting donations for relief funds and emergency operations.

These tactics likely mean that spam levels will continue to decline overall — but the remaining spam will be increasingly dangerous.
