The US generated 14.5% of the total spam volume sent during the last quarter of 2013, giving it a clean sweep of top finishes for 2013. However, the gap to second place narrowed, with China re-emerging as a major player in the spam sending Dirty Dozen, leaping from 4.6% to 8.2%, while Russia’s spam contribution edged up from 3.0% in Q3 to 5.5% in Q4.
"The most obvious message from the Dirty Dozen charts is that the problem of zombified computers spewing spam is a truly global one,” said Sophos senior security analyst Paul Ducklin, who published the results in a blog. “Every region of the world is strongly represented, with the exception of Africa.”
As Ducklin pointed out, it’s important to note that spammers don't send spam themselves: they use botnets, or "zombie armies," of enslaved computers to distribute their spam for them, almost always without the owners of the compromised machines being aware.
And that means spam is simply an indicator of a bigger concern over widespread malware infection. “In most cases, the countries in the Dirty Dozen made it onto the list because a statistically significant proportion of their residents are conducting business online using computers that are actively infected by remote-control malware,” says Ducklin. “So the spam aspect is just a symptom - the start of the problem. Zombie malware means the crooks are already on the inside. It's up to you to turf them out."
The analysis tells a slightly different story when spam per-capita is considered. Here, Belarus has retained its top spot, with the average computer there more than 10 times more likely to send spam than if it were in the US.
The results show relative stability year-over-year, with the only significant move in the per-capita standings coming from Kuwait. In that Middle Eastern country, figures show an almost three-fold increase in spam-relaying per capita, growing from 2.1 times the US figure to 6.07, to elevate it to second place in the table.
Meanwhile, other countries like Uruguay, Taiwan, Luxembourg and Macedonia continued to jockey for position in the top 12 during 2013.
"If your country isn't in the Dirty Dozen, it's easy to feel smug, or at least complacent,” says Ducklin. “Don't do that: if you're a spam sender, Dirty Dozen or not, you are a net positive contributor to cybercrime.”