All hail the new spam king: India

As one of the most-connected countries in the world, computers in the United States have historically been the biggest source of spam on the Internet. That doesn’t mean the U.S. is full of spammers, but rather that the United States is comparatively packed with computers, and a significant number of those have been infected with malware and botnets that put them in the control of spammers. Those spammers, of course, can be located anywhere in the world.

However, recent changes to the spam landscape mean the United States is losing its crown as Spam King. Now, India appears to be the country sending the most spam.

Does the change mean the good guys are winning the war on spam? Or are the spammers just getting more devious?

It’s not easy being number one

Identifying where spam comes from might sound simple — just write a program to analyze spam messages you receive and determine the address of the computer that delivered it to you. (It’s in one of those evil-looking Received lines in the headers of every message.) Then, look up who is responsible for that address — most of the time, that’ll tell you the country (and often the general area) of the particular machine that sent a message. Perform that analysis across millions of spam messages and voilà! Instant rankings of spamming countries!

That’s the basic principle behind all summaries of spam activity, but the reality is a little more complicated. Leaving aside issues like VPNs, misconfigured networks, and abused relays that can greatly obscure the true origin of an email message, you have to make sure the spam you’re receiving (and analyzing) is representative of all the spam being sent everywhere in the world, both in terms of type as well as frequency. Otherwise, your analysis doesn’t have any bearing on global spam activity.
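The Received-line tally described above can be sketched in a few lines of Python. This is an added example, not code from any of the firms discussed; the server name `mx.example.net`, the Postfix-style header layout, the prefix-to-country table and the sample messages are all constructed assumptions.

```python
import email
import ipaddress
import re
from collections import Counter

OUR_MX = "mx.example.net"  # assumed name of the receiving mail server

# Constructed lookup table on documentation ranges (RFC 5737). A real study
# would ask a registry (WHOIS/RDAP) or a GeoIP database who holds each address.
NETS = [(ipaddress.ip_network(n), cc) for n, cc in (
    ("192.0.2.0/24", "IN"), ("198.51.100.0/24", "US"), ("203.0.113.0/24", "KR"))]

# Postfix-style stamp: "from <helo> (<rdns> [<peer ip>]) by <server>".
STAMP = re.compile(
    r"from\s+\S+\s+\([^()]*\[(\d{1,3}(?:\.\d{1,3}){3})\]\)\s+by\s+(\S+)")

def delivering_ip(raw):
    """Peer IP from the topmost Received line written by our own server.
    Lines further down were supplied by the sender and can be forged."""
    for hdr in email.message_from_string(raw).get_all("Received", []):
        m = STAMP.match(" ".join(hdr.split()))  # unfold continuation lines
        if m and m.group(2).rstrip(";") == OUR_MX:
            return m.group(1)
    return None

def country_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in NETS if addr in net), "??")

def rank_countries(messages):
    """Return [(country, percent of messages)], highest share first."""
    tally = Counter()
    for raw in messages:
        ip = delivering_ip(raw)
        tally[country_of(ip) if ip else "??"] += 1
    return [(cc, round(100 * n / len(messages), 1))
            for cc, n in tally.most_common()]

def _msg(*received):
    return "".join(f"Received: {r}\n" for r in received) + "Subject: x\n\nbody\n"

# Constructed sample corpus. The first message carries a forged second line
# claiming a US relay; only the top line, stamped by our server, is trusted.
SAMPLES = [
    _msg("from a.example (unknown [192.0.2.77])\n\tby mx.example.net with ESMTP;",
         "from b.example (b.example [198.51.100.9]) by mx.example.net;"),
    _msg("from c.example (c.example [198.51.100.20]) by mx.example.net;"),
    _msg("from d.example (unknown [192.0.2.10]) by mx.example.net;"),
    _msg("from e.example (e.example [203.0.113.5]) by mx.example.net;"),
]

if __name__ == "__main__":
    print(rank_countries(SAMPLES))
```

The ranking is only as good as the lookup table and the sample: a message relayed through a VPN or an abused relay is counted under the relay's country, which is the limitation the paragraph above describes.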

It turns out this is no small feat. Different outfits take different approaches to the problem. Some provide security services and products for consumers and businesses, and generate their reports based on the spam their products catch on behalf of their clients. Sometimes their clients are huge, so the services see a lot of spam. Others set up so-called “honeypot” addresses (email addresses designed to do nothing but receive spam) and publish them widely on Web sites, newsgroups, social networking services, and other places to make sure they get into spammers’ databases — then analyze everything they receive. Still other companies operate email services, and base their assessments of spam on what users do (and don’t) report as spam. Others are network or email services operators, and simply watch their own network traffic and make a note when they see a message bearing the characteristics of known spam.

None of these approaches are perfect, so many outfits use a combination of these techniques (and more besides) to try to get a picture of the state of email spam around the world. But there will still be major gaps, thanks to geopolitics and cultural barriers. For instance, thanks to the Great Firewall, no Western security or email firm has much of a notion of the spam situation in China — and China boasts more Internet users than any other country on Earth.

So, it should come as no surprise that the folks trying to track spam almost never fully agree on where spam originates.

Sophos — Security firm Sophos has made a habit of publishing a “dirty dozen” list of the top 12 spam-sending countries, updated four times a year. For January through March 2012, Sophos says India took the top spot, with computers there sending some 9.3 percent of the spam Sophos analyzed. The United States came in second with 8.3 percent, and from there the amounts drop off quickly: South Korea was third with 5.7 percent, and Indonesia and Russia tied for fourth with 5 percent each.

Kaspersky, a security firm based in Russia, comes to somewhat different conclusions — presumably because the ways it’s sourcing spam are different from those used by Sophos. Nonetheless, for March 2012 Kaspersky found India the top source of spam, sending some 12.3 percent of spam messages it analyzed. (Kaspersky also gave India top ranks for January and February 2012.) But there Kaspersky parts company with Sophos, consistently ranking Indonesia as the number-two spam sender, with Brazil, Vietnam, and South Korea consistently ranking above the 5 percent mark. For Kaspersky, the United States isn’t number two: in fact, it never even cracks the top ten.

German email security firm eleven also marks India as the top origin country for spam during March 2012, accounting for 11.7 percent of all spam for the month. But guess what? The United States isn’t number two, and neither is Indonesia. Instead, the Russian Federation ranks number two, accounting for 7.5 percent of all spam. Brazil ranked third with 7.1 percent, and while Indonesia and Vietnam round out the top five, neither of them broke the 5 percent barrier.

Confused yet? SpamRankings is an academically-driven project that looks at messages sent by systems listed in a pair of widely used blocklists (one uses honeypots; the other is more complex, using high-volume mail systems). SpamRankings still has the United States in first place for March 2012, although India was in first place in February. SpamRankings put the United States back on top in March thanks to a surge in spam from a single Web hosting company.

None of this means India has suddenly become a nation of spammers — just that the amount of email spam sent from computers in India now seems to exceed the amount sent by computers in the United States and other countries. To be sure, Indians are victimized by spam just as much as anybody else. And, of course, once a computer is compromised via malware, the spammers controlling the system and using it to distribute messages could be anywhere in the world.

Spam declines

Has there been some sudden upsurge in spam from India? The figures — such as they are — seem to indicate no: The amount of spam originating in India seems to have been relatively consistent for the last several months. However, that steady level now makes India a contender for the top spammer crown, since spam levels in many other major spam source countries have recently declined.

What makes spam levels decline? Kaspersky points to the takedown of the Hlux/Kelihos botnet, which sported a command-and-control infrastructure similar to the successful Waledac botnet. One of Microsoft’s coordinated legal-and-seizure actions was against Waledac in February 2011. There have actually been two Hlux/Kelihos takedowns, one in January 2012 (a sinkhole operation in conjunction with Microsoft) and another just a few weeks ago. One of the operators of the botnet has been identified as a Russian employed by an unnamed antivirus vendor.

Sophos attributes the overall downturn in spam not just to the efforts of security firms and ISPs, but also to new tactics from spammers. Although spammers still rely heavily on email spam, they’re increasingly shifting their efforts to social networking services to distribute marketing spam, as well as links to sites that try to infect visiting computers with malware — often making them unwitting zombie members of botnets. Social-network-spamming techniques don’t even have to rely on false marketing, scareware, or drive-by hijacking techniques: Some social network spammers just use the services to pick up commissions as affiliates — like the 24-year-old who claims to earn $1,000 a day spamming Pinterest.

Spam is getting more dangerous

Although overall spam levels seem to be declining in recent months, there are some shifts in the types of email spam being sent: Malware is on the rise. Many security firms report attempts to infect computers with the Zeus botnet via email are on the rise — this despite Microsoft taking a swipe at the command-and-control structure of one of the major Zeus operations last month. While there’s still plenty of spam for prescription medications (it still seems to account for more than one third of all spam), online casinos, too-good-to-be-true job offers, and all the usual, the proportion of spam made up of malware (often sent as attachments designed to look like innocuous documents, receipts, invoices, or photographs) is on the rise.

Security vendors universally recommend that computer users keep their antivirus and security packages up to date, and be very careful about following links or opening attachments in email messages. Even messages that look like they’re from trusted sources might include malware, thanks to increasingly-sophisticated phishing techniques.

What to expect

Just as security researchers and law enforcement are reacting more quickly to botnets and other forms of malware, spammers are adjusting their tactics too.

Malware infections will continue to be the heart and soul of most spamming operations. After all, without being able to use thousands of computers all over the world to distribute their messages (a technique known as “snowshoeing,” distributing their weight) spammers are too easily isolated and shut down. So, spammers are still going to rely on malware to infect computers, take them over, and use them to distribute messages.

However, the speed at which security companies and law enforcement respond to cyberattacks is improving, so spammers are focusing on the quality of their malware attacks (to add zombies to their operations), rather than quantity. Instead of campaigns promoting replica watches or apparel that seem to go on for months (or years!), spammers will rely on sudden, here-then-gone attacks designed to lure users in quickly, infect their machines, then vanish before security operations can fully react. Expect malware spam to increasingly focus on high-profile events (like the upcoming 2012 Summer Olympics in London), holidays (particularly at the end of the year), and messages designed to sound like an emergency in an effort to get users to open an attachment or click a link (fake warnings of suspended accounts, cancelled flights, even police actions). Spammers will also jump on any natural disasters that may occur, including fake messages soliciting donations for relief funds and emergency operations.

These tactics likely mean that spam levels will continue to decline overall — but the remaining spam will be increasingly dangerous.

[ Internet cafe image Shutterstock / Vladimir Melnik
Spam email image via Shutterstock / Carlos A. Oliveras]
