Sophos: The "Dirty Dozen" SPAMPIONSHIP: Who’s the biggest? Who’s the worst?
February 2015 by Sophos
The United States of America can finally celebrate failing to win our SPAMPIONSHIP! If it seems odd to cheer yourself for losing the top spot, remember that this is a league table where lower is better.
That’s because the Spampionship is calculated from the SophosLabs spamtrap logs.
The sender of every spam we receive – and we go out of our way to attract and collect spam, so you don’t have to – clocks up one point for his or her country.
The more spam that’s spewed by you and your fellow countrymen, the higher up the chart your motherland will finish. That’s slightly unfair, of course, because big countries with fast internet connections will almost always end up near the top. On the other hand, tiny countries will inevitably lurk near the bottom, no matter how slapdash their residents might be about allowing cybercrooks to commandeer their computers to send spam.
Spam by volume
For years, the USA has come out at the top of our spam by volume chart. That has been a simple side-effect of cheap and fast internet access available to a large population that owns lots of computers. But China has been flirting with top spot for the previous year, and finally cracked that dubious honour in the last quarter of 2014:
One in every six spams now comes from China.
So, whatever China’s so-called Great Firewall is blocking these days, it doesn’t seem to be unsolicited and unwanted email. Nor, for that matter, does China’s national firewall seem to be keeping out the network traffic by which the crooks tell their botnets (collections of malware-infected computers) what to do next. Bear that in mind next time someone tries to convince you that giving up your own privacy and security to make surveillance easier will inevitably make the internet a safer place.
Spam per person
Things get more interesting when we divide each country’s spam volume by its approximate population, giving us a measure of how much spam per person a country sends. Remember, the per-person figures don’t tell us which countries have the most spamlords or cybercrooks. If anything, they tell us which countries have the most slapdash attitude to computer security, because the majority of spam is sent by malware-infected computers that send unsolicited emails without their users realising.
In the spam by population chart, there’s nowhere for small countries to hide.
Last time, for example, we saw tiny Macao sneak in at 12th place for spamminess per person, even though it was way down in 94th place by volume.
Macao has slipped off the table this time, down to 24th position, but nearby Hong Kong has suddenly appeared right up in second place:
South Korea, a country that is no stranger to computer insecurity, heads the Worst of the Worst list, up from fourth place last time. Data breaches have been so extensive in South Korea that the government has even considered scrapping its current national ID system, and issuing everyone a new ID number. Now, it seems, the country has a zombie problem, too. On the other hand, China is way off the per person chart, with just one-third the amount of spam per person as the USA. Interestingly, five countries other than Hong Kong were brand new entries in the per person chart: Ukraine, Kazakhstan, Singapore, the United Arab Emirates and Vietnam.
As you can see, spam really is a global problem.