Providers of the Top 20 Most SPAM Spreading Internet Networks

A new report from researchers at the University of Twente in the Netherlands has revealed that just 20 Internet Service Providers (ISPs) out of over 42,000 are responsible for nearly half of all the internet addresses that send SPAM (e.g. junk marketing email) and similar malicious content (viruses, phishing etc.).

According to the ‘Internet Bad Neighbourhoods‘ study, a significant part of current “attacks” originate from hosts that are distributed all over the online world. But most of these hosts appear to be “concentrated in certain parts of the Internet” (aka – “bad neighbourhoods” or BadHoods).

The Source of SPAM (Report Extract)

“Bad Neighborhoods are mostly application specific and they might be located in neighborhoods one would not immediately expect. For example, we found that phishing Bad Neighborhoods are mostly located in the United States and other developed nations – since these nations hosts the majority of data centers and cloud computing providers – while spam comes from mostly Southern Asia.”

The study also took a close look at IP address blocks with the highest number of Low-Volume Spammers (LVS) and was able to identify the corresponding ISP, which are revealed below as the “top 20 providers that manage the /24 most malicious LVS BadHoods” (also includes a top 20 for ISPs that support High-Volume Spammers [HVS] in the right hand column).

The team observed that some LVS BadHoods are made up almost exclusively of spamming hosts, such as Libyan Telecom having 235 spamming hosts in a single /24 netblock or SpectraNet (Nigeria) having an “alarming ratio” of up to 62.55% of their announced IPs sending spam.

The data also suggest that most LVS comes from bots (i.e. botnets or virus/trojan controlled computers), which won’t come as a surprise to anybody, and some ISPs are clearly “neglecting the propagation of bots and malicious activities that the hosts in their networks carry“.

At present a big chunk of the problem comes from ISPs in Southern Asia. But in the future most of the SPAM being sent to you will probably come from.. Brazil, Russia, India and China. Currently, these countries have a moderate but fast growing Internet penetration, though the report warns that we should “expect a significant increase” in the future.

“Consider India, a country that ranks first in number of spamming IP addresses. If India would have the same Internet penetration rate as the United States (a developed country comparable in size) while keeping its current ratio of malicious IP addresses, that would cause an increase of 200%,” says the report.

The good news is that spam is becoming more predictable and as global regulation tightens then it may be easier to target key sources of the problem. SPAM, in our humble opinion, is still one of the biggest threats to the internet ecosystem (just shy of state censorship and corporate abuse).

Internet Bad Neighbourhoods (PDF)
http://doc.utwente.nl/84507/1/thesis_G_Moura.pdf