Monthly Archives: May 2012

Congratulations to Israel and Spain for dropping out of April World SpamRankings.net!

Israel and Spain were the only two countries to drop out of the world top 20 spammers from CBL data in April 2012. Congratulations!

Not so lucky were the U.K. and Turkey, which joined the top 20.

Also, South Korea got to #2 in the second and third weeks of the month, and placed third overall, up from fifth in March.

April 2012 monthly country rankings: SpamRankings.net from CBL volume

| Rank (Previous) | Country | Population | Volume | % of top 20 |
|---|---|---|---|---|
| 1 (1) | United States (US) | 310,232,863 | 104,308,126 | 17.1% |
| 2 (2) | India (IN) | 1,173,108,018 | 68,811,807 | 11.3% |
| 3 (5) | Korea, South (KR) | 48,422,644 | 58,983,193 | 9.66% |
| 4 (6) | Vietnam (VN) | 89,571,130 | 51,301,264 | 8.4% |
| 5 (3) | Brazil (BR) | 201,103,330 | 38,033,087 | 6.23% |
| 6 (4) | Russian Federation (RU) | 140,702,000 | 36,167,764 | 5.92% |
| 7 (8) | Taiwan (TW) | 22,894,384 | 33,163,766 | 5.43% |
| 8 (7) | Poland (PL) | 38,500,000 | 32,507,068 | 5.32% |
| 9 (9) | Romania (RO) | 21,959,278 | 24,545,877 | 4.02% |
| 10 (12) | Belarus (BY) | 9,685,000 | 23,895,403 | 3.91% |
| 11 (13) | China (CN) | 1,330,044,000 | 18,743,935 | 3.07% |
| 12 (14) | Peru (PE) | 29,907,003 | 17,293,193 | 2.83% |
| 13 (11) | Ukraine (UA) | 45,415,596 | 16,062,362 | 2.63% |
| 14 (18) | Kazakhstan (KZ) | 15,340,000 | 14,924,036 | 2.44% |
| 15 (15) | Argentina (AR) | 41,343,201 | 13,819,396 | 2.26% |
| 16 (-) | United Kingdom (GB) | 62,348,447 | 13,638,509 | 2.23% |
| 17 (17) | Pakistan (PK) | 184,404,791 | 12,320,247 | 2.02% |
| 18 (10) | Indonesia (ID) | 242,968,342 | 10,899,369 | 1.78% |
| 19 (-) | Turkey (TR) | 77,804,122 | 10,675,444 | 1.75% |
| 20 (19) | Colombia (CO) | 44,205,293 | 10,651,199 | 1.74% |
| | Total | | 610,745,045 | 100% |

In the previous month's top 20:

| Rank (Previous) | Country | Population | Volume |
|---|---|---|---|
| (16) | Spain (ES) | 46,505,963 | 15,819,585 |
| (20) | Israel (IL) | 7,353,985 | 11,349,660 |

-jsq

An ISP snowshoes ahead in spamming

Continuing the question of "Ogee snowshoe: black swan or new strategy?", let's look at Ogee snowshoe spam in the first week of May 2012.

The two dotted lines trending down together in the middle are AS 29131 and AS 28178, and they both fit the traditional profile for snowshoe spam hosting sites, because they advertise hosting or colocation as their main services. AS 29131 is registered to RapidSwitch, which advertises dedicated servers, cloud solutions, and colocation. AS 28178, registered as Network Operations Center (NOC), which keeps on rolling waves of snowshoe spam, appears to be operating under the name BurstNet, which offers managed servers and co-location as its first two services.

However, the dotted line rising to the top right that pulled the solid overall snowshoe volume line back up is not a hosting center: it’s an ISP. CDM’s AS 6428 appears to be operating as Primary Network, whose first services are T-1 Internet access and metro Internet. And Primary Network is not alone. We’ve pulled out a list of all the ASNs affected by Ogee snowshoe so far, and quite a few of them are ISPs, some of them very well known ISPs.

Snowshoe: it’s not just for hosting centers anymore.

-jsq

Microsoft, world leader in Internet security: and spamming?

Microsoft, world leader in Internet security, will doubtless clean up its spamming act when it sees its AS 8075 is #1 for outbound spam in the U.S. for April 2012 in rankings from PSBL data, pushing the U.S. to #1 worldwide. Other rankings don’t show Microsoft high, but does MSFT really want to show up in any of these rankings?

| Rank (Previous) | Country | Population | Spam Volume | Percent of top 10 |
|---|---|---|---|---|
| 1 (3) | US | 310,232,863 | 673,306 | 18.2% |
| 2 (2) | IN | 1,173,108,018 | 506,397 | 13.7% |
| 3 (1) | CN | 1,330,044,000 | 413,089 | 11.2% |
| | Total | | 3,689,376 | 100% |

These rankings that show Microsoft high are derived by SpamRankings.net from PSBL blocklist data. The April 2012 SpamRankings.net from CBL blocklist data do not show Microsoft in the top 10. Apparently PSBL’s spam traps happened to be in the line of spam from Microsoft, while CBL’s were not.

And of course Microsoft probably doesn’t mean to be sending any of that spam. More likely botnets exploited a MSFT security vulnerability. Here’s hoping they clean it up soon!

-jsq