Europe still top source of spam

For the third month running, compromised computers in Europe have pushed out more spam than those in the U.S.

Tom Espiner Special to CNET News

Feb. 6, 2008 6:48 a.m. PT

2 min read

European spam networks have pumped out more unsolicited e-mail than those in the U.S. for the third month in a row, according to security vendor Symantec.

Symantec called this a "significant shift" in spam trends as, historically, compromised U.S. computers have been used to send spam, and many spammers have been U.S.-based.

Fredrik Sjostedt, one of Symantec's European product marketing managers, told ZDNet UK on Tuesday that Symantec suspects gangs are taking advantage of the increasing European broadband market.

"The penetration of broadband is tremendous in Europe," Sjostedt said. "We've now clearly overtaken the U.S. in sending spam."

Symantec also believes many spammers are now based in Europe. "Historically the majority of spammers were U.S.-based, but now we're seeing a lot of Eastern European and Russian spam gangs active. Spammers tend to use closer turf as a jump off point," Sjostedt said.

More broadband means compromised computers can send spam faster, while gangs are increasingly becoming organized, said the Symantec manager.

"We've moved away from traditional, individual spammers, to loosely tied groups of spam senders, malware coders, and people selling access to botnets," Sjostedt said.

The largest botnet sending spam originated with the Storm worm, Sjostedt said. Storm is a network of compromised computers with sophisticated attack and defense mechanisms, including "fast-flux" command and control servers, which frequently change location.

"Storm is the most prevalent distribution method" for spam, Sjostedt said. While most spam relays are in Europe, botnets are global phenomena, he pointed out.

Tom Espiner of ZDNet UK reported from London.