0

I hate it, you hate it, everyone hates spam.

Perhaps just as annoying as the fact that most of us have no interest in improving our sexual performance, enlarging our sexual organs or accepting a refinancing deal from a complete stranger, is the fact that we just do not know who the spineless dirt-bags are behind the spam. Until now, thanks to those wonderful chaps at The Spamhaus Project

Spamhaus is an international non-profit organization founded in 1998, based in the UK, which provides real-time anti-spam protection for Internet networks via its spam-blocking databases, including the Spamhaus Block List (SBL) and the Exploits Block List (XBL). Broadcast from a network of 32 servers in 12 countries, the Spamhaus block-lists are used by many of the Internet's major Internet Service Providers, Corporations, Universities, Government and Military networks, and currently protect the mailboxes of over 630 Million Internet users.

But Spamhaus does much more than this, using the data it collects for its block lists, it is able to analyze and maintain evidence on the most prolific spam gangs around the planet, which it publishes as the Register Of Known Spam Operations (ROKSO), used by ISPs to avoid signing up known spammers and by law enforcement agencies to help with investigations and prosecutions.

What this reveals, rather alarmingly, is that around 80% of spam that targets Internet users in North America and Europe is actually generated by a small hardcore group of no more than 200 professional spam gangs. Although the profile will change week by week, as I write this article the 10 spammers or spam gangs causing the most damage on the Internet according to ROKSO are:

  1. Alex Blood (aka Alexander Mosh, AlekseyB, Alex Polyakov)
  2. Leo Kuvayev (aka BadCow)
  3. Michael Lindsay (iMedia Networks)
  4. Ruslan Ibragimov (send-safe.com)
  5. Amichai Inbar
  6. Pavka (aka Artofit)
  7. Vincent Chan
  8. Alexey Panov
  9. Jeffrey Peters (JTel / CPU Solutions)
  10. Tim Goyetche

ROKSO operates a three strikes register, where at least three ISPs have terminated a contract with a spammer for acceptable use violations. Once entered in the database, these spammers are also automatically listed in the Spamhaus Block List. Most of the spammers listed within ROKSO will be operating illegally, moving from network to network, country to country, hunting down the kind of spam-friendly IPSs that just don’t care enough to enforce anti-spam policy. Sadly, for some service providers the company motto seems to be ‘a buck is buck’ and they really do not care if grabbing the cash means you get more spam.

Funnily enough, Spamhaus keeps a top ten list of those networks that are responsible for delivering most spam, and as I write they are (known spam issues noted in brackets):

  1. verizonbusiness.com (165)
  2. serverflo.com (60)
  3. sbc.com (56)
  4. xo.com (40)
  5. proxad.net (36)
  6. rr.com (34)
  7. tpnet.pl (34)
  8. edu.tw (33)
  9. hinet.net (31)
  10. ttnet.net.tr (31)

And just to tidy things up, here are the world’s worst spam haven countries, those countries where most of the spam originates because laws against it do not exist or are poorly implemented and pursued.

According to the Spamhaus ROKSO list this week (known spam issues in brackets again):

  1. United States (1990)
  2. China (296)
  3. Japan (245)
  4. Russia (229)
  5. Canada (164)
  6. South Korea (161)
  7. United Kingdom (147)
  8. Taiwan (139)
  9. Hong Kong (136)
  10. Netherlands (129)

You only have to look at the US to see how ineffective current laws are. The second name on the most wanted spammer list, Leo Kuvayev, was fined $37 million in October 2005 by a Massachusetts court for spamming operations in the US. Instead of sending him to prison where he could do no more harm, the chap appears to have skipped the country and is thought to be continuing his operations from Russia instead. Or how about most wanted number three, Michael Lindsay, who Spamhaus allege is behind a company selling spammer hosting at high premiums to customers who can then spam via botnet zombies with the payloads hosted offshore? Or convicted felon, Jeffrey Peters at number 9, who Spamhaus claim is behind a fake Russian ISP that serves many of the other criminal ROKSO spammers? And with four out of the ten worst spammers coming from Russia, I probably do not need to labor the point that this particular country does not take spam seriously either.

Who would have thought it, the US and Russia allied in a new cold war where you and I, the ordinary Internet users, are the victims.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

3
Contributors
6
Replies
7
Views
10 Years
Discussion Span
Last Post by happygeek
0

The only thing that would make them stop is freezing their assets, actually sending them to prison for long terms, that sort of thing. UCE is ruining email as a communications medium, and I think that's pretty serious. Unfortunately the CAN-SPAM act seems to be a license to spam. :sad:

0

I agree, the fines are pointless if they don't get paid and the perps skip the country.

But, to be honest, it is rare enough to get a prosecution anyway so jail time is just as meaningless.

What is needed is some real global determination, and that is always going to be missing.

0

Well, it's official. Google Webmaster Tools has ranked this page as having the highest pagerank on the daniweb.com domain for the month of December.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.