Spam largely evolved in the U.S. in the mid 1990s, when it reached levels of mass annoyance.  Today it makes up 80 to 85 percent of the world's email.  A 2007 study by security firm Sophos showed spam to be alive and kicking in the U.S.  It found that 28.4 percent of spam comes from U.S. computers, followed by South Korea in distant second with 5.2 percent.

Now the tables have turned and the U.S. finds itself in second place.  According to security researchers at Cisco, spam originating in the U.S. actually decreased 20.3 percent this year to 6.6 trillion emails, down from the record 8.3 trillion emails a year before.  Brazil, which was fifth place in the 2007 study has jumped into first place with 7.7 trillion emails.  This is a pretty impressive gain, considering it only accounted for 2.7 trillion messages in 2008.

Cisco Fellow Patrick Peterson comments, "I'm not completely surprised to see U.S falling to number two in the spam stats, but I didn't expect it to happen yet.  I was really gratified to see the actual spam volume decrease, not just ranking, but we [also] decreased the amount of spam that is pouring out of the United States."

Spam these days is mostly an automated affair, originating from botnets of infected computers.  In the U.S. botnets in 2009 dipped, thanks in part to more informed consumers and free security products, such as Microsoft's security essentials.  Tighter security in Microsoft's Windows 7 also is playing a role in cutting spam.

Another pivotal factor is the shutdown of U.S. spam host McColo in 2008. 

While spam originating in the U.S. is falling, Mr. Peterson still fears that it may find a new home and flourish on social network.  He states, "The success and focus on social networking by attackers is also a surprise.  If you look at the time it took for criminals to evolve spam tools and Web-exploit tools, it was a three-year curve. I think that criminals in less than 12 months have developed the business models, ecosystem, and techniques to monetize this very quickly."

Most social network attacks at this point are limited to social engineering schemes and guessing at common passwords.  Still, the attacks are evidence of a growing new problem.  Their success, as is often the case, is largely owed to the poor security savvy of web users.  States Mr. Peterson, "At the end of the day the human is the weak link."

For now he advises users to switch to more complex passwords in order to safeguard their accounts and keep the spammers on the run.  He also suggests to avoid using the same password on different networks.  He describes, "I'm aware primarily of simple password attacks.  Right now that's such fertile ground that I haven't seen a lot of criminal focus or success around the other mechanisms."