
January 23, 2007

Sophos says US first in spam, China second

By Gareth Powell





Perhaps a little caution should be shown when looking at figures provided by security vendors. It is in their best interests that you should feel insecure and then you will perhaps purchase security.

So if Sophos says the United States again led the world as a spam-producing, malware-hosting country last year, you can accept it, as long as you are not in the United States, when it becomes a bit of a worry.

Sophos said U.S.-based computers were responsible for sending 22% of spam sent in 2006. Then came China with 15.9% and South Korea third at 7.4%.

Hold hard, my good fellow. Is this Chinese spam, which Sophos so carefully correlated, written and published in Chinese? And which form of Chinese? Big5? I think we should be told.

I HAVE seen Chinese spam. You may well have done as well. If you do not have Chinese characters loaded on your machine it probably came up as a lot of question marks. But did it come to nearly 16% of your spam? Some assiduous checking with correspondents around the world suggests that the figure is somewhere near 0.2%. In fact, insignificant.

If, on the other hand, Sophos is saying the spam out of China was in the English language then I am totally bemused.

The shortage of English speakers in China is acute. Of English writers, far more so. Go to Alibaba and read the wonderful English used to describe goods and you will see the problem.  ‘We have a good opportunity to have business with you, we will do our best for a long-term partnership with you based on sincerely and trust.’ Quite so.

When Sophos states China took top dishonor as the nation that generated the most malicious code in 2006 you need to be a little careful before accepting that as gospel as well. It all depends what you mean by ‘malicious code.’

Ron O’Brien, senior security analyst for Sophos, said, ‘Thirty percent of the malware written during 2006 came from China. Most of it was designed to steal logons and passwords related to online games.’ When asked why Chinese malware targets online gaming rather than, say, bank accounts, O’Brien said games ‘seem to have more of a cultural significance than strictly finance. It’s like an American hacking MySpace.’

Why do security vendors keep sending out statistics about spam? It seems to have more a financial significance than strictly giving us the good oil.


    3 Responses to “Sophos says US first in spam, China second”

    1. Paul Ducklin:

      A couple of quick observations. (As you can see, I am from Sophos.)

      Sophos’s statistics about “spam out of China” are exactly that: a measure of the locations of those PCs from which spam was actually delivered. Up to 90% of all spam is now relayed from zombie computers, hijacked by Trojan horses, worms and viruses under the control of hackers. So the spam-relaying countries list is a security (or insecurity) indicator — telling you where compromised PCs are to be found in the largest numbers — and not a measure of which languages spam is written in.

      And in respect of malicious code from China, the report makes it clear that 17% of (not most) Chinese malware aims to steal passwords for on-line gaming. Password stealers of any sort *are malicious* — there is no ambiguity in definition here. You may consider password stealers for on-line games to be less serious than those going after your banking login, but they cannot be exonerated on this account.

      I think that the association between malware and on-line gaming in China is a surprising, and an interesting, indicator of some of the cultural aspects of computer use (and misuse) in that country.

    2. Gareth Powell:

      Thank you for a most informed and enlightening comment. I take your point that China is, indeed, an insecure personal computer country and that I was mistaken in thinking the extension of that was that the spam was therefore written in Chinese.
      I am not so sure that we are in agreement on stealing passwords for online gaming. I think of it, as do most Chinese, as a form of challenge and a source of innocuous entertainment.
      The association between malware and online gaming is not surprising if you saw how much part of the culture of China online gaming has become. It is caused, primarily, I think, by the Internet cafes which are havens from noisy and overcrowded rooms. It is a sort of group therapy and he who hacks best rules the roost. It is very, very different from Western countries and, indeed, for other Asian countries I know well.
      Thank you for taking the time to write. I sincerely appreciate it.
      Gareth

    3. Paul Ducklin:

      I’d argue strongly against the convenient assertion that malware distribution and password stealing is a source of “innocuous entertainment” and an acceptable part of any kind of “group therapy.”

      There are plenty of innocent ways to pass one’s time in an internet cafe — including enjoying online games — without indulging in illegal activities designed to steal other people’s personal data by software subterfuge. (It suddenly sounds rather more like what it is when described this way — cybercrime — does it not?)

      Sneakily stealing passwords is neither a necessary nor an acceptable part of online gaming — indeed, the password stealing happens _outside_ the environment of the game, and can be seen as anti-social against those who are legally and innocently participating in that online community.

      Also, remember that many users inadvertently use the same password on multiple accounts, and that robbing them of gaming passwords must be considered in that very much broader security context. It’s not a game, it’s not part of a game, and it’s a slippery slope to excuse it as acceptable as if it were…

      As I mentioned above, you can argue that stealing gaming passwords in China is much less serious than stealing banking passwords in Brazil. (Nearly all Brazilian malware is that way inclined, as we mention in the report.) But the practice of using malware in this way should at least actively be discouraged in China, if only because it’s just not fair on the people whose computers get infected by the malware, and whose passwords get ripped off.
