Project Honey Pot, a non-profit grassroots community of IT professionals set up in 2004 to capture and analyze malicious traffic, just captured its one billionth spam message. It is marking the opportunity by releasing some long-term findings, it said. One of the findings is that the number of computers co-opted as part of botnet operations has increased by 378% each year, on average.
"Fortunately, Project Honey Pot's coverage of active botnets has grown over time at an even faster rate. In 2006, we saw less than 20% of the active bots on any given day. Today we see more than 80%", the Project said.
Project Honey Pot is particularly interested in finding out where spammers reside, and used the fact that botnet computers are primarily used for sending spam to do some data analysis. It used the number of infected PCs in a country, divided by the number of Project Honey Pot members in the country, to create a ratio showing how friendly that country was to spam originating within its borders.
Finland, Canada and Belgium ranked top three in terms of anti-spam security, whereas China, Azerbaijan, and South Korea ranked worst.
However, the Project pointed out that spam from botnet computers may not indicate where the spammers really reside. Instead, it looked at the computers used to harvest email addresses for spam campaigns, and used that as a guide to where the spammers may really be located. The US ranked first, followed by Spain, and the Netherlands.
The Project also found that different types of spam campaign used harvested messages with varying speed. Product-based spam campaigns would build up a collection of harvested addresses for as long as a month before mailing them. "On the other hand 'Fraud' spammers - those committing phishing or so-called '419' advanced fee scams - tend to send to and discard harvested addresses almost immediately", it concluded.