Spam Disaster Plagues China

According to director of research in computer forensics Gary Warner at the University of Alabama (Birmingham), the majority of spam that spreads malware, pornography and scams, appears to emanate from China. InformationWeek reported this on June 22, 2009.

The researcher notes that about 70% of the entire number of domains utilized to send spam since 2009 beginning have .cn, a domain that is most utilized in China. More specifically, according to him, from January 1 to June 18, 2009, for 69,117 domains hosting various Internet Protocol addresses, 48,552 domains have been .cn.

This, however, does not imply that these spammers all reside in China. Instead, the criminals, operating internationally, have discovered that it is lucrative enough to exploit the poorly controlled Chinese infrastructure.

Posting a note on a blog on June 20, 2009, Warner said he is most certain that the government of China wouldn't agree to let this atrocious situation happen, adding that in all probability no one must have brought the situation adequately to the authority's notice thus far.

According to him, the situation plaguing China can appropriately be described as a spam disaster, a problem that is threefold.

Furthermore, it is quite natural that over one-third of all domain names observed daily in spam belong to China. And if the numerous '.ru' and '.com' domains that also have their base in China are also considered, the problem appears even worse.

Moreover, over 50% of global spam rely on China-registered domain names, are sent from PCs in China, or utilize PCs in China towards the hosting of their websites. The percentage mentioned albeit appears greater than 50, it relates to only spam DOMAINS and not the actual spam mails. Some domains other than .cn dispatch an excessively large number of spam mails.

Also some extremely malicious attacks have their origin in the .cn domain. For instance, the 'Gumblar' assault of malicious software that began in March 2009 was associated with websites that emanated from 'gumblar.cn.' This domain name was in turn associated with Latvian and Russian IP addresses that served the malicious code from certain U.K servers, Security Company ScanSafe disclosed.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 7/3/2009