The Source of All That Spam Dwells Among Us


We talked about how spam can hurt the company brand. But where is the spam coming from?


According to the Microsoft Security Intelligence Report Volume 8, the bulk of the spam infiltrating our mailboxes is generated in the United States. The report found that 27 percent of spam comes from U.S. computers. Korea was next with 6.9 percent. Symantec's MessageLabs April 2010 Intelligence Report said that 90 percent of e-mail received in the United States is spam -- certainly not good news for anyone trying to do business via e-mail and trying to get noticed amid all that spam. MessageLabs Intelligence catches approximately 1.5 million malicious e-mails every day.


The Symantec report also found that the bulk of spam is generated by computers running a Windows OS:

A spam index, the likelihood that a particular computer is sending spam, can be calculated by comparing the ratio of spam from a given operating system to its market share. In the current spam climate, this index shows that relative to its market share, any given Linux machine is five times more likely to be sending spam than any given Windows machine. However, Linux machines are only responsible for 5.1 percent of all spam. By virtue of its lower market share, there are fewer examples of malware in circulation that specifically target the Linux operating system. More ISPs are now forcing their clients to route email traffic through the ISP's own "smarthost," a mail server provided for their customers, rather than permit the client to send email directly using TCP port 25. Many such ISPs employ a hosted environment where the operational costs can be lowered through the use of open source technology, such as Linux.

An interesting part of the Microsoft report looked at the threat landscape at home (non-domain linked) versus the enterprise (domain linked). The report found:

Domain-joined computers were much more likely to encounter worms than non-domain computers, primarily because of the way worms propagate. Worms typically spread most effectively via unsecured file shares and removable storage volumes, both of which are often plentiful in enterprise environments and less common in homes.
  • Worms accounted for four of the top 10 families detected on domain-joined computers.
  • Win32/Conficker, which uses several methods of propagation that work more effectively within a typical enterprise network environment than over the public Internet, leads the list by a wide margin.
  • Similarly, Win32/Autorun, which targets removable drives, was more common in domain environments where such volumes are often used to exchange files.
In contrast, the Adware and Miscellaneous Trojans categories are much more common on non-domain computers.