Security threats Toolkit

Spam: Made in Taiwan?

Tags:
Taiwan,
Spam

Candace Lombardi CNET News

Published: 12 Jun 2006 12:55 BST

The majority of spam servers are physically located in Taiwan, according to CipherTrust.

In research conducted in May, the email security company found that 64 percent of machines sending out junk mail were in that country. Next was the United States with 23 percent and third China, with 3 percent.

CipherTrust also determined that unwanted email traffic went up as much as 20 percent worldwide in May. The data was gathered using CipherTrust's network of fake "zombie" computers, among other sources, the company said. Spammers typically use networks of zombies, or compromised PCs used without their owners' knowledge, to send out their junk messages.

The company attributed the spam rise to two factors: the demise of antispam efforts by Blue Security, and growing use by spammers of image-only emails to defeat filters.

After a distributed denial-of-service attack at its service provider, Six Apart, Blue Security announced it would cease its antispam activities. The Israeli company ran an effort called Blue Frog, which enlisted people to send replies to unwanted emails, resulting in a barrage of messages to spam servers.

"They (Blue Security) had hundreds of thousands of clients," Dmitri Alperovitch, a CipherTrust research engineer, said Friday.

As for image-based spam, it's now one of the most popular ways for spammers to combat filters, he added. Text is placed into a message as an image. This allows them to fool some systems that use textual recognition to parse the words of a message to identify emails as spam.

Using images, spammers can also more easily alter the print, background color and other identifying factors used by message analysis tools, Alperovitch said.

"It's hard to identify as spam, unless you are using optical-recognition technology, trying to identify characters within an image to recognise as text," he said.

But optical-recognition technology is typically not appropriate for use in antispam systems because it's fairly slow and not extremely accurate, he said.

Alperovitch also said CipherTrust saw 7.4 million new zombies in May. About 24 percent of them are located in China, 9.4 percent in the US and 7.5 percent in Germany. However, Alperovitch noted, there are only a few thousand spam servers.

"There are about 5,000 servers who are actually sending the spam to the zombies. Most people would not even see the spam server. Their interaction is only ever with the zombies out there," he said.