The majority of Internet spam is still coming from the U.S., but the country is making headway in fighting mass e-mail attacks, according to the most recent analysis from security authority Sophos.
The company's latest "dirty dozen" report listing the top 12 spamming countries shows that the U.S. remains the worst offender, but is relaying significantly less of the world's spam than it did a year ago, while spam traffic from China and South Korea increased substantially.
Zombies on the Rise
At the same time, detecting the origins of spam is becoming more difficult as the use of zombie computers -- hijacked PCs infected by malware -- now accounts for 60 percent of all such attacks, Sophos reports. The evolving nature of spamming now allows culprits to be in a different country than the computers they exploit.
While the United States, South Korea and China (including Hong Kong) still account for more than 50 percent of all spam, the United States (down to 26 percent from 42 percent in 2004) and Canada (down to 3 percent from 7 percent in 2004) have reduced their roles in the problem significantly.
By contrast, the percentage of spam generated in China and Hong Kong shot from 9 percent in 2004 to 16 percent this year; South Korea saw a leap from 12 percent to 20 percent.
The problem is worse in the U.S. and South Korea because of the higher number of computer users with broadband connections, which makes it easier for spammers to do their dirty work.
ISPs Making Headway
"In North America, [Internet service providers] are sharing more knowledge on how to combat spammers and are educating users about the problem," said Graham Cluley, senior technology consultant for Sophos. Also having an effect in the U.S. is enforcement of the CAN-SPAM Act, he said, which has resulted in some spammers going to jail or being forced to relocate overseas.
The introduction of Windows XP SP2 a year ago, with its improved security, has done much to defend home users from computer hijacking, Cluley said. The concern now is that spammers will turn to other net-based scams, such as spyware and identity-theft malware, to make a quick buck, he said.
Faced with international awareness and country-specific legislation, spammers increasingly are turning to illegitimate service providers, virus writers, and hackers. By taking control of unprotected PCs, hackers can relay spam, launch denial-of-service attacks or steal user information, without detection, Sophos reports.
Cluley urged computer users to keep their antivirus software up to date, run a properly configured firewall and install the latest software patches.
The "dirty dozen" list is as follows:
1. United States 26.35%
2. South Korea 19.73%
3. China and Hong Kong 15.70%
4. France 3.46%
5. Brazil 2.67%
6. Canada 2.53%
7. Taiwan 2.22%
8. Spain 2.21%
9. Japan 2.02%
10. United Kingdom 1.55%
11. Pakistan 1.42%
12. Germany 1.26%
Other nations: 18.88%