Where Spam Comes From

from the right-here-in-the-US-of-A dept

This shouldn’t be a huge surprise, but the latest spam study shows that the vast majority of spam is coming from US-based computers. Of course, much of this is due to hijacked “zombie” machines – most of which are found here in the US. Figuring out the actual country of origin of most spam really doesn’t seem all that useful when the machines aren’t actually owned by the spammers. Thus, about the only really interesting thing is the finding that 30% of all spam is now sent from such zombie machines. This raises the question of how we deal with such machines. Why aren’t internet providers being more proactive in discovering these machines and alerting their users?


Comments on “Where Spam Comes From”

Anonymous Coward says:


Simply, it doesn’t make them money to do so.

Look at it one of two ways: some people will say they’re just greedy little ISPs, looking to not upset the steady flow of customer money into their pockets, and dealing with the zombie spam problem may disrupt that flow.

The other side of the coin is that many ISPs are simply swamped with work, at least in the system bits, and can’t possibly allocate people to the job of dealing with this problem because they have already allocated all their people on stuff that will impact their ability to serve the customers who directly pay them, and impact it immediately. So, everyone’s crunching just to keep the system going, and they don’t have funding enough to allow the techs time to sleep or look into something that one of their idiot users did NOW.

LittleW0lf says:

Re: Why?

Simply, it doesn’t make them money to do so.

Think you are right AC, especially the second bullet. Most ISPs don’t have enough experience and intelligence to implement these fixes, and prefer to keep status quo than change.

However, can someone tell me why Cox seems to hate me because I use a real (OpenBSD based) firewall, and tells me every time I call them to let them know that their router is acting funny or their mail server is down (which is actually quite rare), that they insist that I put a Windows box up instead so they can test my end to see if the problem is here? My OpenBSD firewall doesn’t reject ping or udp packets, so they can ping or traceroute it just fine. Allow your customers to use non-Windows software, and you’re likely to have far fewer zombies out there….

thecaptain says:

Re: No Subject Given

To you and me that would seem simple, in fact, that’s how the security guys at my company shut down a lot of infected machines before they could even get out in the wild.

But from experience a LOT of ISPs don’t even bother. Videotron here in Quebec is useless when it comes to security. They consistently do nothing when you report an infected PC to them. I’ve given up on it.

Just for fun, I monitored my firewall on their cable network and I filled a nice sized hard drive in a couple of days…I’m tempted to say that the majority of the PCs on their networks are infected winXP or win2K machines…I get hit so much that the receiving packets light on the modem is consistently (not flashing) red. Amounting to THOUSANDS of attempts per day.

I just feel lucky that the network slowdown hasn’t been TOO bad (there’s no other choice for cablemodem access around here).

I use Linux for my servers/firewall so 99% of the logged attempts are useless on my stuff.

I’ve complained and complained, sent in logs, anything they request (WHEN they ever do), but the most they’ve done so far is cut off external access to port 80 (woohoo… big deal).

Doug says:

Re: Re: Cable Modem light

A small tech note:

While some of the activity that you’re seeing on the cable modem light is indeed malware attempting to get to your system, it’s only a small percentage of what you’re seeing on the light.

The rest of the spurious activity is ARP packets generated by the switch. A lot of recent malware tries to contact randomly generated IP addresses. Every time that the switch for your cable segment gets a request for a node that it hasn’t heard of, it hits everyone with an ARP to see if the requested node responds. Of course, no response is ever forthcoming.
