Dirty Dozen Spampionship – which country is spewing the most spam?
With the 2014 World Cup complete, and the Commonwealth Games just round the corner, we thought it was a good time to publish the latest SophosLabs Spampionship charts.
We measured which computers in the world sent the most spam in the second quarter (April, May and June) of 2014, and turned our measurements into a pair of League Tables.
The first table shows the amount of spam per country by pure volume, and the other shows the approximate amount of spam per person.
By volume # 1 US 24.20%
By volume # 2 France 6.7%
By volume # 3 China 6.2%
By volume # 4 Italy 5.2%
By volume # 5 Russia 5.1%
By volume # 6 Germany 3.6%
By volume # 7 South Korea 3.2%
By volume # 8 Ukraine 3.0%
By volume # 9 Spain 2.8%
By volume #10 Vietnam 2.7%
By volume #11 Japan 2.5%
By volume #12 Argentina 2.4%
Per capita # 1 Bulgaria 2.1 x US
Per capita # 2 Belarus 1.9 x US
Per capita # 3 Switzerland 1.7 x US
Per capita # 4 Luxembourg 1.6 x US
Per capita # 5 France 1.4 x US
Per capita # 6 Armenia 1.3 x US
Per capita # 7 Uruguay 1.3 x US
Per capita # 8 Iceland 1.2 x US
Per capita # 9 Israel 1.2 x US
Per capita #10 Italy 1.1 x US
Per capita #11 Taiwan 1.1 x US
Per capita #12 US 1.0 x US
As always, we’re not seriously suggesting that spam prevention is a competitive exercise, and we’re not implying that the countries at the top of our charts are the worst offenders when it comes to cybercrime.
Remember that the vast majority of spam is sent unsuspectingly from computers infected with malware, so that if you aren’t careful, you may end up being part of the problem rather than part of the solution.
Imagine, for a moment, that your computer is infected to the point that unknown cybercriminals from the other side of the world can order it to start sending spam at will.
Now stop to think what else those crooks might be asking your computer to do, such as:
- Logging your keystrokes to steal online usernames and passwords.
- Searching through your files for interesting data to download.
- Tricking you into clicking on ads to generate pay-per-click revenue.
- Posting “recommendations” for your friends on your social networks.
- Downloading more malware, for example ransomware that scrambles your data and demands an unlock fee.
- Attacking other people’s websites, making you look like the crook.
- Acting as a proxy, or relay, and charging rent to other crooks so they can use your internet connection to cover their tracks.
Almost every piece of spam that was counted by SophosLabs for inclusion in the charts above came from a computer that might well have done any or all of the above things, in addition to sending spam.
Spam – it’s a world game
So, just as the soccer World Cup reminds us that football is the World Game, because it’s played so keenly in so many countries, we hope the Spampionship Tables are a reminder that spam is a global problem that affects us all.
Of course, it’s easy to see the Spampionship Tables as inevitably negative: no matter how much spam there is (or isn’t), there will always be a Top Twelve, and if one country falls out of the charts, another will take its place.
But there are some good points this quarter, most notably that the top per-person spam relaying countries are no longer as far in front as they were before.
As we have come to expect, the US tops the “by volume” charts, simply because it has a large population and the bulk of the world’s internet infrastructure.
Because of that, our Spampionship has adopted the custom of using the US as the benchmark per capita figure, so that other countries are measured by how much more or less spam per person they send.
Simplifying greatly, the average computer in a country that weighs in at 2x the spam-per-person of the US probably has about twice the chance of being infected with malware.
Similarly, if computers in your country are, on average, twice as well protected (and your users twice as cautious) as in the US, you’d expected to show up with a spam-per-person rate of 0.5x the US figure.
Big improvement in Belarus
In the second half of 2013, Belarus was the per capita spam frontrunner with a spam rate 10x the US.
This time, Belarus has given up first place to Bulgaria, with both those countries coming in at about 2x the US figure.
Some other points of interest from the latest tables are:
- Switzerland has come from way behind (having been no higher than 20th in the previous three quarters) to win the Bronze medal. If you’re Swiss, I urge you to check your computer for malware right away, just in case.
- Luxembourg has held onto its fourth spot, for the third time in the past year. We aren’t sure why, but for a developed economy in the European Union, that’s a bad look. You can do better!
- France and Italy are making an appearance for the first time in the past year, too. Italy has been at the fringes of the Top Twelve (14th) before, but France has previously been no higher than 27th. Quel dommage.
- Despite being the clear winner by volume every quarter since we started the Spampionship, the US has never been in the per capita Top Twelve before. This time, the US just sneaked into 12th place.
- Last quarter’s “little countries”, population wise, were The Bahamas and Macau; they’ve dropped out of the charts this time, letting Iceland back in for the second time in a year.
- The only South East Asian country in the per person Top Twelve is Taiwan, down to 11th after spending the back end of 2013 in third position.
The bottom line
In summary, we aren’t pointing fingers at you if you come from one of the countries at the top of our chart.
But we do want you to remember that almost all the spam that SophosLabs receives in its spamtraps is there because someone slipped up with their security.
Don’t give the cybercrooks a foothold to carry out their crimes: kill-a-zombie today!