Where Spam Comes From
from the right-here-in-the-US-of-A dept
This shouldn't be a huge surprise, but the latest spam study shows that the vast majority of spam is coming from US-based computers. Of course, much of this is due to hijacked "zombie" machines - most of which are found here in the US. Figuring out the actual country of origin of most spam really doesn't seem all that useful when the machines aren't actually owned by the spammers. Thus, about the only thing really interesting is the finding that 30% of all spam is now sent from such zombie machines. This raises the question of how do we deal with such machines. Why aren't internet providers being more proactive in discovering these machines and alerting their users?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Why?
Look at it one of two ways: some people will say they're just greedy little ISPs, looking to not upset the steady flow of customer money into their pockets, and dealin with the zombie spam problem may disrupt that flow.
The other side of the coin is that many ISPs are simply swamped with work, at least in the system bits, and can't possibly allocate people to the job of dealing with this problem because they have already allocated all their people on stuff that will impact their ability to serve the customers who directly pay them, and impact it immediately. So, everyone's crunching just to keep the system going, and they don't have funding enough to allow the techs time to sleep or look into something that one of their idiot users did NOW.
[ link to this | view in chronology ]
Re: Why?
Think you are right AC, especially the second bullet. Most ISPs don't have enough experience and intelligence to implement these fixes, and prefer to keep status quo then change.
However, can someone tell me why Cox seems to hate me because I use a real (OpenBSD based) firewall, and tells me every time I call them to let them know that their router is acting funny or their mail server is down (which is actually quite rare,) that they insist that I put a windows box up instead so they can test my end to see if the problem is here? My openbsd firewall doesn't reject ping or udp packets, so they can ping or traceroute it just fine. Allow your customers to use non-Windows software, and you're likely to have far less zombies out there....
[ link to this | view in chronology ]
No Subject Given
[ link to this | view in chronology ]
Re: No Subject Given
But from experience a LOT of ISPs don't even bother. Videotron here in Quebec is useless when it comes to security. They consistently do nothing when you report an infected PC to them..I've given up on it.
Just for fun, I monitored my firewall on their cable network and I filled a nice sized hard drive in a couple of days...I'm tempted to say that the majority of the PCs on their networks are infected winXP or win2K machines...I get hit so much that the receiving packets light on the modem is consistently (not flashing) red. Amounting to THOUSANDS of attempts per day.
I just feel lucky that the network slowdown hasn't been TOO bad (there's no other choice for cablemodem access around here).
I use linux for my servers/firewall so 99% of the logged attempts are useless on my stuff.
I've complained and complained, sent in logs anything they request (WHEN they ever do) but the most they've done so far is cut off external access to port 80 (woohoo..big deal).
[ link to this | view in chronology ]
Re: Cable Modem light
While some of the activity that you're seeing on the cable modem light is indeed malware attempting to get to your system, it's only a small percentage of what you're seeing on the light.
The rest of the spurious activity is ARP packets generated by the switch. A lot of recent malware tries to contact randomly generated IP addresses. Every time that the switch for your cable segment gets a request for a node that it hasn't heard of, it hits everyone with an ARP to see if the requested node responds. Of course, no response is ever forthcoming.
[ link to this | view in chronology ]
Re: Cable Modem light
Seriously, it's nice to know why that traffic is as bad as it is (although as I said...looking for the attempts on my logs..you pretty much see a reason to think that's all the traffic there is)
[ link to this | view in chronology ]
US spam
[ link to this | view in chronology ]