Where Spam Comes From

from the right-here-in-the-US-of-A dept

This shouldn't be a huge surprise, but the latest spam study shows that the vast majority of spam is coming from US-based computers. Of course, much of this is due to hijacked "zombie" machines, most of which are found here in the US. Figuring out the actual country of origin of most spam really doesn't seem all that useful when the machines aren't actually owned by the spammers. Thus, about the only really interesting thing is the finding that 30% of all spam is now sent from such zombie machines. This raises the question of how we deal with such machines. Why aren't internet providers being more proactive in discovering these machines and alerting their users?


Reader Comments



  1. Anonymous Coward, 26 Feb 2004 @ 3:33pm

    Why?

    Simply, it doesn't make them money to do so.

    Look at it one of two ways: some people will say they're just greedy little ISPs, looking to not upset the steady flow of customer money into their pockets, and dealing with the zombie spam problem may disrupt that flow.

    The other side of the coin is that many ISPs are simply swamped with work, at least in the system bits, and can't possibly allocate people to the job of dealing with this problem because they have already allocated all their people on stuff that will impact their ability to serve the customers who directly pay them, and impact it immediately. So, everyone's crunching just to keep the system going, and they don't have funding enough to allow the techs time to sleep or look into something that one of their idiot users did NOW.


  2. Chris ODonnell, 26 Feb 2004 @ 5:08pm

    No Subject Given

    It doesn't seem like it would be that difficult for an ISP to monitor the amount of traffic hitting port 25 and shut down anybody suddenly pumping out 10,0000 emails an hour. Hell, for that matter they should refuse to turn the customer back on until they prove the computer is clean.

    link to this | view in thread ]
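
The port-25 volume check suggested in the comment above, sketched as an added example (not part of the original post or its comments): it counts each customer's direct outbound SMTP connections per clock hour from flow records and flags those over a threshold. The record layout, the 100-per-hour threshold, the relay address and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMTP_PORT = 25

def flag_smtp_senders(flows, threshold_per_hour, isp_relays=frozenset()):
    """Return {customer_ip: (hour_start, connections, distinct_destinations)}
    for the busiest hour of each customer whose direct-to-port-25 connection
    count in any clock hour exceeds threshold_per_hour."""
    per_hour = defaultdict(lambda: [0, set()])   # (src, hour) -> [count, dsts]
    for ts, src, dst, dport in flows:
        if dport != SMTP_PORT or dst in isp_relays:
            continue                              # ignore non-SMTP and relay-bound mail
        hour = ts.replace(minute=0, second=0, microsecond=0)
        bucket = per_hour[(src, hour)]
        bucket[0] += 1
        bucket[1].add(dst)
    flagged = {}
    for (src, hour), (count, dsts) in per_hour.items():
        if count > threshold_per_hour and count > flagged.get(src, (None, 0))[1]:
            flagged[src] = (hour, count, len(dsts))
    return flagged

def sample_flows():
    """Constructed flow records (timestamp, src, dst, dst_port); documentation IPs."""
    start = datetime(2004, 2, 26, 15, 0, 0)
    flows = []
    # Normal customer: a few messages through the ISP's relay, plus web traffic.
    for i in range(5):
        flows.append((start + timedelta(minutes=10 * i),
                      "192.0.2.10", "198.51.100.25", 25))
    flows.append((start, "192.0.2.10", "203.0.113.80", 80))
    # Suspected zombie: 600 direct SMTP connections in one hour to many hosts.
    for i in range(600):
        flows.append((start + timedelta(seconds=6 * i), "192.0.2.77",
                      f"203.0.113.{i % 200 + 1}", 25))
    return flows

if __name__ == "__main__":
    hits = flag_smtp_senders(sample_flows(), threshold_per_hour=100,
                             isp_relays={"198.51.100.25"})
    for ip, (hour, n, dsts) in hits.items():
        print(f"{ip}: {n} SMTP connections to {dsts} hosts in hour starting {hour}")
```

The distinct-destination count is reported alongside the volume because a mail client normally talks to one or two relays, while a spam-sending host fans out to many mail servers.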

  3. LittleW0lf, 26 Feb 2004 @ 6:17pm

    Re: Why?

    Simply, it doesn't make them money to do so.

    Think you are right AC, especially the second bullet. Most ISPs don't have enough experience and intelligence to implement these fixes, and prefer to keep status quo than change.

    However, can someone tell me why Cox seems to hate me because I use a real (OpenBSD based) firewall, and tells me every time I call them to let them know that their router is acting funny or their mail server is down (which is actually quite rare,) that they insist that I put a Windows box up instead so they can test my end to see if the problem is here? My OpenBSD firewall doesn't reject ping or udp packets, so they can ping or traceroute it just fine. Allow your customers to use non-Windows software, and you're likely to have far less zombies out there....


  4. thecaptain, 27 Feb 2004 @ 6:54am

    Re: No Subject Given

    To you and me that would seem simple, in fact, that's how the security guys at my company shut down a lot of infected machines before they could even get out in the wild.

    But from experience a LOT of ISPs don't even bother. Videotron here in Quebec is useless when it comes to security. They consistently do nothing when you report an infected PC to them..I've given up on it.

    Just for fun, I monitored my firewall on their cable network and I filled a nice sized hard drive in a couple of days...I'm tempted to say that the majority of the PCs on their networks are infected winXP or win2K machines...I get hit so much that the receiving packets light on the modem is consistently (not flashing) red. Amounting to THOUSANDS of attempts per day.

    I just feel lucky that the network slowdown hasn't been TOO bad (there's no other choice for cablemodem access around here).

    I use Linux for my servers/firewall so 99% of the logged attempts are useless on my stuff.

    I've complained and complained, sent in logs anything they request (WHEN they ever do) but the most they've done so far is cut off external access to port 80 (woohoo..big deal).


  5. Mark, 27 Feb 2004 @ 7:25am

    US spam

    The stuff that I get that doesn't come from China, Mexico or Brazil is usually from just a handful of US based ISPs - Roadrunner, Charter and PacBell. Sometimes I wonder why I bother reporting to those guys.


  6. Doug, 27 Feb 2004 @ 3:47pm

    Re: Cable Modem light

    A small tech note:

    While some of the activity that you're seeing on the cable modem light is indeed malware attempting to get to your system, it's only a small percentage of what you're seeing on the light.

    The rest of the spurious activity is ARP packets generated by the switch. A lot of recent malware tries to contact randomly generated IP addresses. Every time that the switch for your cable segment gets a request for a node that it hasn't heard of, it hits everyone with an ARP to see if the requested node responds. Of course, no response is ever forthcoming.


  7. thecaptain, 28 Feb 2004 @ 6:46am

    Re: Cable Modem light

    Wow! Thanks for that information. You learn something new every day :)

    Seriously, it's nice to know why that traffic is as bad as it is (although as I said...looking for the attempts on my logs..you pretty much see a reason to think that's all the traffic there is)
