All hail the new spam king: India


Because the United States is one of the most-connected countries in the world, computers there have historically been the biggest source of spam on the Internet. That doesn’t mean the U.S. is full of spammers, but rather that the United States is comparatively packed with computers, and a significant number of those have been infected with malware and pulled into botnets that put them under the control of spammers. Those spammers, of course, can be located anywhere in the world.

However, recent changes to the spam landscape mean the United States is losing its crown as Spam King. Now, India appears to be the country sending the most spam.

Does the change mean the good guys are winning the war on spam? Or are the spammers just getting more devious?

It’s not easy being number one

Identifying where spam comes from might sound simple — just write a program to analyze spam messages you receive and determine the address of the computer that delivered it to you. (It’s in one of those evil-looking Received lines in the headers of every message.) Then, look up who is responsible for that address — most of the time, that’ll tell you the country (and often the general area) of the particular machine that sent a message. Perform that analysis across millions of spam messages and voilà! Instant rankings of spamming countries!

That’s the basic principle behind all summaries of spam activity, but the reality is a little more complicated. Leaving aside issues like VPNs, misconfigured networks, and abused relays that can greatly obscure the true origin of an email message, you have to make sure the spam you’re receiving (and analyzing) is representative of all the spam being sent everywhere in the world, both in terms of type as well as frequency. Otherwise, your analysis doesn’t have any bearing on global spam activity.
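The header analysis described above can be sketched in a few lines of Python. This is an added example, not code from any of the firms mentioned in this article; it trusts only the Received line stamped by the analyst's own mail exchanger, because every line below that one was supplied by the sender and can be forged. The host name `mx.example.net`, the prefix-to-country table, and the sample messages are constructed assumptions.

```python
import email
import ipaddress
import re
from collections import Counter

# Constructed lookup table on RFC 5737 documentation ranges; a real survey
# would query a GeoIP or registry allocation database instead.
PREFIX_COUNTRY = {"192.0.2.0/24": "IN", "198.51.100.0/24": "US",
                  "203.0.113.0/24": "KR"}
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def delivering_ip(raw, trusted_mx="mx.example.net"):
    """Peer IP recorded by our own border MX, or None if there is none.
    Relays prepend their Received line, so the first one stamped by our MX
    (reading top-down) is genuine; lines below it are sender-controlled."""
    for hop in email.message_from_string(raw).get_all("Received", []):
        hop = " ".join(hop.split())          # unfold continuation lines
        if f" by {trusted_mx} " in f" {hop} ":
            match = PEER_IP.search(hop.split(" by ", 1)[0])
            return match.group(1) if match else None
    return None

def country_of(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "??"                          # malformed address
    return next((cc for net, cc in PREFIX_COUNTRY.items()
                 if addr in ipaddress.ip_network(net)), "??")

def rank_countries(messages):
    """Return [(country, percent of attributed messages)], largest first."""
    ips = [ip for ip in map(delivering_ip, messages) if ip]
    counts = Counter(country_of(ip) for ip in ips)
    rows = [(cc, round(100 * n / len(ips), 1)) for cc, n in counts.items()]
    return sorted(rows, key=lambda row: (-row[1], row[0]))

def _msg(*hops):  # helper that builds one constructed sample message
    return "".join(f"Received: {h}\n" for h in hops) + "Subject: x\n\nbody\n"

SAMPLE = [  # constructed messages, not real spam
    _msg("from a (unknown [192.0.2.10]) by mx.example.net with ESMTP",
         "from bank.example ([198.51.100.7]) by mx.example.net"),  # forged hop
    _msg("from mx.example.net ([10.0.0.5]) by store.example.net with LMTP",
         "from b ([192.0.2.77]) by mx.example.net with ESMTP"),
    _msg("from c ([198.51.100.23]) by mx.example.net with ESMTP"),
    _msg("from d ([203.0.113.5]) by mx.example.net with ESMTP"),
    _msg("from e ([203.0.113.9]) by relay.other.example with SMTP"),  # no trusted hop
]
```

Calling `rank_countries(SAMPLE)` attributes four of the five messages and skips the one that never passed through the trusted exchanger. The ranking only describes the mail this one server saw, which is the sampling problem the paragraph above raises.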


It turns out this is no small feat. Different outfits take different approaches to the problem. Some provide security services and products for consumers and businesses, and generate their reports based on the spam their products catch on behalf of their clients. Sometimes their clients are huge, so the services see a lot of spam. Others set up so-called “honeypot” addresses (email addresses designed to do nothing but receive spam) and publish them widely on Web sites, newsgroups, social networking services, and other places to make sure they get into spammers’ databases — then analyze everything they receive. Still other companies operate email services, and base their assessments of spam on what users do (and don’t) report as spam. Others are network or email services operators, and simply watch their own network traffic and make a note when they see a message bearing the characteristics of known spam.

None of these approaches are perfect, so many outfits use a combination of these techniques (and more besides) to try to get a picture of the state of email spam around the world. But there will still be major gaps, thanks to geopolitics and cultural barriers. For instance, thanks to the Great Firewall, no Western security or email firm has much of a notion of the spam situation in China — and China boasts more Internet users than any other country on Earth.

So, it should come as no surprise that the folks trying to track spam almost never fully agree on where spam originates.

Security firm Sophos has made a habit of publishing a “dirty dozen” list of the top 12 spam-sending countries, updated four times a year. For January through March 2012, Sophos says India took the top spot, with computers there sending some 9.3 percent of the spam Sophos analyzed. The United States came in second with 8.3 percent, and from there the amounts drop off quickly: South Korea was third with 5.7 percent, and Indonesia and Russia tied for fourth with 5 percent each.

Kaspersky, a security firm based in Russia, comes to somewhat different conclusions — presumably because the ways it’s sourcing spam are different from those used by Sophos. Nonetheless, for March 2012 Kaspersky found India the top source of spam, sending some 12.3 percent of spam messages it analyzed. (Kaspersky also gave India top ranks for January and February 2012.) But there Kaspersky parts company with Sophos, consistently ranking Indonesia as the number-two spam sender, with Brazil, Vietnam, and South Korea consistently ranking above the 5 percent mark. For Kaspersky, the United States isn’t number two: in fact, it never even cracks the top ten.

German email security firm eleven also marks India as the top origin country for spam during March 2012, accounting for 11.7 percent of all spam for the month. But guess what? The United States isn’t number two, and neither is Indonesia. Instead, the Russian Federation ranks number two, accounting for 7.5 percent of all spam. Brazil ranked third with 7.1 percent, and while Indonesia and Vietnam round out the top five, neither of them broke the 5 percent barrier.

Confused yet? SpamRankings is an academically driven project that looks at messages sent by systems listed in a pair of widely used blocklists (one uses honeypots, the other is more complex, using high-volume mail systems). SpamRankings still has the United States in first place for March 2012, although India was in first place in February. SpamRankings put the United States back on top in March thanks to a surge in spam from a single Web hosting company.

None of this means India has suddenly become a nation of spammers — just that the amount of email spam sent from computers in India now seems to exceed the amount sent by computers in the United States and other countries. To be sure, Indians are victimized by spam just as much as anybody else. And, of course, once a computer is compromised via malware, the spammers controlling the system and using it to distribute messages could be anywhere in the world.

Spam declines


Has there been some sudden upsurge in spam from India? The figures — such as they are — seem to indicate no: The amount of spam originating in India seems to have been relatively consistent for the last several months. However, that steady level now makes India a contender for the top spammer crown, since spam levels in many other major spam source countries have recently declined.

What makes spam levels decline? Kaspersky points to the takedown of the Hlux/Kelihos botnet, which sported a command-and-control infrastructure similar to the successful Waledac botnet. One of Microsoft’s coordinated legal-and-seizure actions was against Waledac in February 2011. There have actually been two Hlux/Kelihos takedowns, one in January 2012 (a sinkhole operation in conjunction with Microsoft) and another just a few weeks ago. One of the operators of the botnet has been identified as a Russian employed by an unnamed antivirus vendor.

Sophos attributes the overall downturn in spam not just to the efforts of security firms and ISPs, but also to new tactics from spammers. Although spammers still rely heavily on email spam, they’re increasingly shifting their efforts to social networking services to distribute marketing spam, as well as links to sites that try to infect visiting computers with malware — often making them unwitting zombie members of botnets. Social-network-spamming techniques don’t even have to rely on false marketing, scareware, or drive-by hijacking techniques: Some social network spammers just use the services to pick up commissions as affiliates — like the 24-year-old who claims to earn $1,000 a day spamming Pinterest.

Spam is getting more dangerous


Although overall spam levels seem to be declining in recent months, there are some shifts in the types of email spam being sent: Malware is on the rise. Many security firms report attempts to infect computers with the Zeus botnet via email are on the rise — this despite Microsoft taking a swipe at the command-and-control structure of one of the major Zeus operations last month. While there’s still plenty of spam for prescription medications (it still seems to account for more than one third of all spam), online casinos, too-good-to-be-true job offers, and all the usual, the proportion of spam made up of malware (often sent as attachments designed to look like innocuous documents, receipts, invoices, or photographs) is on the rise.

Security vendors universally recommend that computer users keep their antivirus and security packages up to date, and be very careful about following links or opening attachments in email messages. Even messages that look like they’re from trusted sources might include malware, thanks to increasingly-sophisticated phishing techniques.

What to expect

Just as security researchers and law enforcement are reacting more quickly to botnets and other forms of malware, spammers are adjusting their tactics too.

Malware infections will continue to be the heart and soul of most spamming operations. After all, without being able to use thousands of computers all over the world to distribute their messages (a technique known as “snowshoeing,” distributing their weight) spammers are too easily isolated and shut down. So, spammers are still going to rely on malware to infect computers, take them over, and use them to distribute messages.

However, the speed at which security companies and law enforcement respond to cyberattacks is improving, so spammers are focusing on the quality of their malware attacks (to add zombies to their operations), rather than quantity. Instead of campaigns promoting replica watches or apparel that seem to go on for months (or years!), spammers will rely on sudden, here-then-gone attacks designed to lure users in quickly, infect their machines, then vanish before security operations can fully react. Expect malware spam to increasingly focus on high-profile events (like the upcoming 2012 Summer Olympics in London), holidays (particularly at the end of the year), and messages designed to sound like an emergency in an effort to get users to open an attachment or click a link (fake warnings of suspended accounts, cancelled flights, even police actions). Spammers will also jump on any natural disasters that may occur, including fake messages soliciting donations for relief funds and emergency operations.

These tactics likely mean that spam levels will continue to decline overall — but the remaining spam will be increasingly dangerous.

[ Internet cafe image Shutterstock / Vladimir Melnik
Spam email image via Shutterstock / Carlos A. Oliveras]

