Spam hit an all-time high this year, with more unwanted messages pouring in from a smorgasbord of countries, thanks in part to globalization. Such are the findings of a recent and comprehensive report on all things security-related from IBM X-Force.
The typical spam message has sources as diverse as the spam lunch meat; it's sent from a machine located in the United States, India, or Brazil, and it contains a .ru URL (Russia's top-level domain) that's hosted in China. The trend illustrates the global challenge of fighting spam as well as phishing. If a country manages to crack down on all or even part of a spammer operation, the purveyors can easily find refuge in more tolerant (or less vigilant) countries.
[ Also on InfoWorld.com: IBM's X-Force admits it erred in reporting on Google's patching track record | Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
Spammers have managed to rebound from the McColo Shutdown in 2008, a setback that occurred when a rogue ISP in California called McColo was closed off. Spam levels dropped by almost 50 percent after the incident and remained stagnant for into early 2009. But by November 2009, spam levels were double those of the pre-McColo shutdown -- and they reached an all-time high last June. The IBM report doesn't specify how much spam is sent out daily, but according to Commtouch, 183 billion spam messages were sent out daily during the first quarter of 2010.
The United States remains the top origination point of spam, sending out nearly 10 percent of the total global crop. Brazil is second on the list, responsible for 8.4 percent, followed closely by India at 8.1 percent. Russia has risen to fourth place as the originator of 5.3 percent of the planet's junk mail. In fifth is Vietnam, churning out 4.6 percent.
Whereas the aforementioned countries lay claim to sending out the most spam, they aren't responsible for hosting the most spam URLs; that is, the links users are prompted to click when opening spam. Rather, China is the top dog in that arena, hosting more than one-third of all spam URLs. The United States holds the second spot, hosting 17 percent of spam links, followed by South Korea at 9 percent.
Interestingly, although China hosts the most spam URLs, the top-level domains have moved from China to Russia -- "possibly because of new tighter restrictions imposed by China on registering domain names," according to the IBM X-Force report.
Where Russia to crack down on domain-name registration, spammers would have no shortage of options. According to the report, for example, Vietnam and Brazil are experiencing a surge in spam production. IBM X-Force attributes the trend to the fact that Vietnam and Brazil have seen country-wide Internet usage soar over the past decade: a 1,419 percent change in Brazil and a 12,035 percent change in Vietnam.
"These increases have lead to a large number of inexperienced people using PCs. These PCs may be less patched or protected. Or, they may be more prone to socially-engineered beguilement, making them more vulnerable to malware that could turn them into botnet drones," says the report.
The report also found that "most spam URLs, when they do link to the Internet, tend to link to traditionally 'good' Websites. However, when we break down the data into our 68 categories, the most frequented type of Website is in the 'bad' category: pornography."
Among other spam trends, the most prevalant spam subject line is "You have a new personal message," followed "Replica watches" and "RE: SALE 70% 0FF on Pfizer."
The most common type of spam message is what X-Force describes as "the most unsuspicious type of email: HTML-based spam without attachments."
Finally, the most common URL domains used in spam varies from month to month: In January 2010, for example, the most common URL domain employed in a spam message was flickr.com, followed by imageshack.us, radikal.ru, livefilestore.com, and webmd.com. Fast-forward to June, and the top five URL domains were imageshack.us, imageshost.ru, pikucha.ru, imgur.com, and myasvir.com. In all cases in 2010, the top five domains have been well known or well established and are not registered for hosting spam content.