Project Honey Pot has just announced over one billion served – one billion pieces of spam served to Project Honey Pot that is – and with that milestone they have released their analysis of global spam trends and patterns, and it’s very interesting.
Project Honey Pot correctly observes that it’s actually very difficult to determine the country of residence for a spammer, however it is relatively simple to determine the country of origin of the spam itself. As they explain, “spammers’ use of bots can make their messages look like they are coming from somewhere completely different than their actual location. As a result, lists of spam origin countries tell you very little about where the spammers are actually located…. On the other hand, they can help provide insight into a country’s security policies because they give evidence on the number of bots operating within a country’s borders.”
Accordingly, Project Honey Pot has collated a list of the countries with the best IT security – and the worst. Those of you in the United States will be happy to learn that the U.S. made the top 10 for best IT security, although we came in number 6, behind the Netherlands, Australia, Belgium, Canada, and Finland (at number 1). The 10 worst countries for IT security – and thus the ten with the highest number of compromised computers that have been pwned by botnet herders and spammers, and so are being remotely controlled to send spam and other nasty things, include Brazil, Macau, Kazakhstan, Vietnam, Turkey, Macedonia, Columbia and, not surprisingly, China in first place, with South Korea at #3 (Azerbaijan has the dubious distinction of being in second place behind China for having the worst IT security).
[On another note, Internet security firm Symantec this week released their own report in which they state that 83% of all spam is sent by botnets, and that 97% of that spam is sent by a total of just 9 botnets, all of which are known and identified in the Symantec report. In fact, two-thirds of that spam comes from just four botnets: Rustock, Cutwail, Bagle and Bobax (sounds like a lawfirm, doesn’t it?).]
However, Project Honey Pot has another trick up their sleeve for determining where the spammers (or at least the bot herders) are actually located – they look at where the systems that are harvesting email addresses from the web are located. Explains Project Honey Pot, “Our research indicates that, unlike the bots used to send spam, the machines used for harvesting tend to be more permanent, stable, and closely connected to the actual spammer’s location.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Project Honey Pot asserts that the U.S. is #1 when it comes to where email address harvesters are (not a destinction of which we are proud, although we suppose one could hold this up as an example of “good” old American ingenuity. Following are Spain at #2 and, ironically given their position of fifth in the world for IT security, the Netherlands at #3. The UAE, Hong Kong, Romania, the UK, China, South Africa and Germany round out the top ten locations for email address harvesters.
Other interesting facts to come out of the Project Honey Pot analysis include that the number of bots has nearly quadrupled every single year, and that the time from when an email address is first harvested until it receives its first spam has jumped from more than 49 days in 2004 to under 22 days in 2009, with fraud and phishing spam hitting harvested addresses more quickly than so-called “product” spam (spam which is hawking a product or service).
If all this makes you feel down, take heart – with the holidays just around the corner you may be heartened to learn that, as Project Honey Pot puts it, “bad guys take vacations too,” and there is a 21% decrease in spam on Christmas, and a 32% decrease in spam on New Year’s Day (although we doubt that it’s due to New Years’ resolutions).
To read the full report, and to learn more interesting spam facts, such as the days of the week and the times of day when spam is at its highest and its lowest, read the Project Honey Pot report here.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
