Spam largely evolved in the U.S. in
the mid 1990s, when it reached levels of mass
annoyance. Today it makes up 80 to 85 percent of the
world's email. A 2007 study by security firm Sophos showed spam
to be alive and kicking in the U.S. It found that 28.4 percent
of spam comes from U.S. computers, followed by South Korea in distant
second with 5.2 percent.
Now the tables have turned and the
U.S. finds itself in second
place. According to security researchers at Cisco, spam
originating in the U.S. actually decreased 20.3 percent this year to
6.6 trillion emails, down from the record 8.3 trillion emails a year
before. Brazil, which was fifth place in the 2007 study has
jumped into first place with 7.7 trillion emails. This is a
pretty impressive gain, considering it only accounted for 2.7
trillion messages in 2008.
Cisco Fellow Patrick Peterson
comments, "I'm not completely surprised to see U.S falling to
number two in the spam stats, but I didn't expect it to happen yet.
I was really gratified to see the actual spam volume decrease, not
just ranking, but we [also] decreased the amount of spam that is
pouring out of the United States."
Spam these days is
mostly an automated affair, originating from botnets of infected
computers. In the U.S. botnets in 2009 dipped, thanks in part
to more informed consumers and free security products, such as
Microsoft's security essentials. Tighter security in
Microsoft's Windows 7 also is playing a role in cutting
Another pivotal factor is the shutdown of U.S.
spam host McColo in 2008.
While spam originating in
the U.S. is falling, Mr. Peterson still fears that it may find a new
home and flourish on social network. He states, "The
success and focus on social networking by attackers is also a
surprise. If you look at the time it took for criminals to
evolve spam tools and Web-exploit tools, it was a three-year curve. I
think that criminals in less than 12 months have developed the
business models, ecosystem, and techniques to monetize this very
network attacks at this point are limited to social engineering
schemes and guessing at common passwords. Still, the attacks
are evidence of a growing new problem. Their success, as is
often the case, is largely owed to the poor security savvy of web
users. States Mr. Peterson, "At the end of the day the
human is the weak link."
For now he advises users to
switch to more complex passwords in order to safeguard their accounts
and keep the spammers on the run. He also suggests to avoid
using the same password on different networks. He describes,
"I'm aware primarily of simple password attacks. Right now
that's such fertile ground that I haven't seen a lot of criminal
focus or success around the other mechanisms."