All hail the new spam king: India


As one of the most-connected countries in the world, computers in the United States have historically been the biggest source of spam on the Internet. That doesn’t mean the U.S. is full of spammers, but rather that the United States is comparatively packed with computers, and a significant number of those have been infected with malware and botnets that put them in the control of spammers. Those spammers, of course, can be located anywhere in the world.

However, recent changes to the spam landscape mean the United States is losing its crown as Spam King. Now, India appears to be the country sending the most spam.

Does the change mean the good guys are winning the war on spam? Or are the spammers just getting more devious?

It’s not easy being number one

Identifying where spam comes from might sound simple — just write a program to analyze spam messages you receive and determine the address of the computer that delivered it to you. (It’s in one of those evil-looking Received lines in the headers of every message.) Then, look up who is responsible for that address — most of the time, that’ll tell you the country (and often the general area) of the particular machine that sent a message. Perform that analysis across millions of spam messages and voilà! Instant rankings of spamming countries!

That’s the basic principle behind all summaries of spam activity, but the reality is a little more complicated. Leaving aside issues like VPNs, misconfigured networks, and abused relays that can greatly obscure the true origin of an email message, you have to make sure the spam you’re receiving (and analyzing) is representative of all the spam being sent everywhere in the world, both in terms of type as well as frequency. Otherwise, your analysis doesn’t have any bearing on global spam activity.
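The basic analysis described above, as an added example that is not part of the original article: it reads the delivering address from the topmost Received line, maps it to a country, and ranks countries by share of messages. The prefix-to-country table, host names and sample messages are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed prefix-to-country table (RFC 5737 documentation ranges); a real
# analysis would query a GeoIP or registry allocation database instead.
PREFIXES = {ip_network("192.0.2.0/24"): "IN",
            ip_network("198.51.100.0/24"): "US"}
INTERNAL = [ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4 literal

def delivering_ip(raw_message):
    """Return the peer IP our own server recorded, or None if unusable."""
    received = message_from_string(raw_message).get_all("Received") or [""]
    # Only the topmost Received line was written by the receiving server;
    # every line below it was supplied by the sender and may be forged.
    from_clause = re.split(r"\s+by\s+", received[0], maxsplit=1)[0]
    match = IP_RE.search(from_clause)
    try:
        ip = ip_address(match.group(1)) if match else None
    except ValueError:  # e.g. an octet above 255
        return None
    if ip is None or any(ip in net for net in INTERNAL):
        return None  # internal relay hop: says nothing about the origin
    return ip

def country_of(ip):
    # "??" marks an address the table cannot place in any country.
    return next((cc for net, cc in PREFIXES.items() if ip in net), "??")

def rank(messages):
    """Percentage of attributable messages per country, highest first."""
    counts = Counter(country_of(ip) for ip in map(delivering_ip, messages)
                     if ip is not None)
    total = sum(counts.values())
    return [(cc, round(100 * n / total, 1)) for cc, n in counts.most_common()]

def msg(*received):  # build a constructed sample message
    headers = [f"Received: {r}" for r in received]
    return "\n".join(headers + ["Subject: constructed sample", "", "body"])

SAMPLES = [
    msg("from a.example ([192.0.2.10]) by mx.example.net",
        "from b.example ([198.51.100.7]) by a.example"),  # lower line forged
    msg("from c.example ([192.0.2.99]) by mx.example.net"),
    msg("from e.example ([203.0.113.5]) by mx.example.net"),  # not in table
    msg("from relay.internal ([10.0.0.5]) by mx.example.net"),  # skipped
]
```

The forged lower Received line in the first sample never reaches the tally, and the internal relay hop is excluded from the percentages rather than counted as an origin.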


It turns out this is no small feat. Different outfits take different approaches to the problem. Some provide security services and products for consumers and businesses, and generate their reports based on the spam their products catch on behalf of their clients. Sometimes their clients are huge, so the services see a lot of spam. Others set up so-called “honeypot” addresses (email addresses designed to do nothing but receive spam) and publish them widely on Web sites, newsgroups, social networking services, and other places to make sure they get into spammers’ databases — then analyze everything they receive. Still other companies operate email services, and base their assessments of spam on what users do (and don’t) report as spam. Others are network or email services operators, and simply watch their own network traffic and make a note when they see a message bearing the characteristics of known spam.

None of these approaches are perfect, so many outfits use a combination of these techniques (and more besides) to try to get a picture of the state of email spam around the world. But there will still be major gaps, thanks to geopolitics and cultural barriers. For instance, thanks to the Great Firewall, no Western security or email firm has much of a notion of the spam situation in China — and China boasts more Internet users than any other country on Earth.

So, it should come as no surprise that the folks trying to track spam almost never fully agree on where spam originates.

Security firm Sophos has made a habit of publishing a “dirty dozen” list of the top 12 spam-sending countries, updated four times a year. For January through March 2012, Sophos says India took the top spot, with computers there sending some 9.3 percent of the spam Sophos analyzed. The United States came in second with 8.3 percent, and from there the amounts drop off quickly: South Korea was third with 5.7 percent, and Indonesia and Russia tied for fourth with 5 percent each.

Kaspersky, a security firm based in Russia, comes to somewhat different conclusions — presumably because the ways it’s sourcing spam are different from those used by Sophos. Nonetheless, for March 2012 Kaspersky found India the top source of spam, sending some 12.3 percent of spam messages it analyzed. (Kaspersky also gave India top ranks for January and February 2012.) But there Kaspersky parts company with Sophos, consistently ranking Indonesia as the number-two spam sender, with Brazil, Vietnam, and South Korea consistently ranking above the 5 percent mark. For Kaspersky, the United States isn’t number two: in fact, it never even cracks the top ten.

German email security firm eleven also marks India as the top origin country for spam during March 2012, accounting for 11.7 percent of all spam for the month. But guess what? The United States isn’t number two, and neither is Indonesia. Instead, the Russian Federation ranks number two, accounting for 7.5 percent of all spam. Brazil ranked third with 7.1 percent, and while Indonesia and Vietnam round out the top five, neither of them broke the 5 percent barrier.

Confused yet? SpamRankings is an academically-driven project looking at messages sent by systems listed in a pair of widely used blocklists (one uses honeypots, the other is more complex, using high-volume mail systems). SpamRankings still has the United States in first place for March 2012, although India was in first place in February. SpamRankings put the United States back on top in March thanks to a surge in spam from a single Web hosting company.

None of this means India has suddenly become a nation of spammers — just that the amount of email spam sent from computers in India now seems to exceed the amount sent by computers in the United States and other countries. To be sure, Indians are victimized by spam just as much as anybody else. And, of course, once a computer is compromised via malware, the spammers controlling the system and using it to distribute messages could be anywhere in the world.

Spam declines


Has there been some sudden upsurge in spam from India? The figures — such as they are — seem to indicate no: The amount of spam originating in India seems to have been relatively consistent for the last several months. However, that steady level now makes India a contender for the top spammer crown, since spam levels in many other major spam source countries have recently declined.

What makes spam levels decline? Kaspersky points to the takedown of the Hlux/Kelihos botnet, which sported a command-and-control infrastructure similar to the successful Waledac botnet. One of Microsoft’s coordinated legal-and-seizure actions was against Waledac in February 2011. There have actually been two Hlux/Kelihos takedowns, one in January 2012 (a sinkhole operation in conjunction with Microsoft) and another just a few weeks ago. One of the operators of the botnet has been identified as a Russian employed by an unnamed antivirus vendor.

Sophos attributes the overall downturn in spam not just to the efforts of security firms and ISPs, but also to new tactics from spammers. Although spammers still rely heavily on email spam, they’re increasingly shifting their efforts to social networking services to distribute marketing spam, as well as links to sites that try to infect visiting computers with malware — often making them unwitting zombie members of botnets. Social-network-spamming techniques don’t even have to rely on false marketing, scareware, or drive-by hijacking techniques: Some social network spammers just use the services to pick up commissions as affiliates — like the 24-year-old who claims to earn $1,000 a day spamming Pinterest.

Spam is getting more dangerous


Although overall spam levels seem to be declining in recent months, there are some shifts in the types of email spam being sent: Malware is on the rise. Many security firms report attempts to infect computers with the Zeus botnet via email are on the rise — this despite Microsoft taking a swipe at the command-and-control structure of one of the major Zeus operations last month. While there’s still plenty of spam for prescription medications (it still seems to account for more than one third of all spam), online casinos, too-good-to-be-true job offers, and all the usual, the proportion of spam made up of malware (often sent as attachments designed to look like innocuous documents, receipts, invoices, or photographs) is on the rise.

Security vendors universally recommend that computer users keep their antivirus and security packages up to date, and be very careful about following links or opening attachments in email messages. Even messages that look like they’re from trusted sources might include malware, thanks to increasingly-sophisticated phishing techniques.

What to expect

Just as security researchers and law enforcement are reacting more quickly to botnets and other forms of malware, spammers are adjusting their tactics too.

Malware infections will continue to be the heart and soul of most spamming operations. After all, without being able to use thousands of computers all over the world to distribute their messages (a technique known as “snowshoeing,” distributing their weight) spammers are too easily isolated and shut down. So, spammers are still going to rely on malware to infect computers, take them over, and use them to distribute messages.

However, the speed at which security companies and law enforcement respond to cyberattacks is improving, so spammers are focusing on the quality of their malware attacks (to add zombies to their operations), rather than quantity. Instead of campaigns promoting replica watches or apparel that seem to go on for months (or years!), spammers will rely on sudden, here-then-gone attacks designed to lure users in quickly, infect their machines, then vanish before security operations can fully react. Expect malware spam to increasingly focus on high-profile events (like the upcoming 2012 Summer Olympics in London), holidays (particularly at the end of the year), and messages designed to sound like an emergency in an effort to get users to open an attachment or click a link (fake warnings of suspended accounts, cancelled flights, even police actions). Spammers will also jump on any natural disasters that may occur, including fake messages soliciting donations for relief funds and emergency operations.

These tactics likely mean that spam levels will continue to decline overall — but the remaining spam will be increasingly dangerous.

[ Internet cafe image Shutterstock / Vladimir Melnik
Spam email image via Shutterstock / Carlos A. Oliveras]
