Chinese sources have long been linked with scads of worldwide malware and spam campaigns, but new research contends that computers located in the nation are currently generating an overwhelming proportion of the world’s unsolicited e-mail.
According to a report compiled by researchers at the U.S.-based University of Alabama at Birmingham (UAB), Chinese infrastructure is accounting for as much as 70 percent of all spam worldwide.
As experts have suggested for some time, the open availability of cheap domains and a lack of regulatory oversight by the Chinese government have fostered a “spam haven,” the UAB researchers confirmed.
“China has become a safe haven for Web site operators that use spam to promote their products because of the willingness of some Chinese Web-hosting companies to ignore spam complaints about those sites, which are hosted on their servers for a fee,” said Gary Warner, UAB’s director of research in computer forensics.
“The hosting companies don’t create the spam, but rather declare themselves bullet-proof hosting sites – meaning that regardless of the illegal activities being reported, they will not terminate their customer’s spam-related Web sites or domains,” the expert noted in a report summary.
The role of shady hosting companies in the spam ecosystem was best highlighted in 2008 when pressure from researchers led to the shutdown of just such a company, McColo, and worldwide spam traffic immediately saw a significant dip.
However, as highlighted by the continued proliferation of the Chinese providers, there’s seemingly always someplace else for spammers to move their businesses.
And that is not to say that the people behind the spam campaigns are mostly Chinese nationals. Spammers worldwide, including many based in the U.S., are tapping into the availability of unpoliced hosting firms in China to further their efforts from afar.
Many of the spam runs observed by UAB researchers were also tied directly to malware campaigns.
For the year to date, the UAB “Spam Data Mine” project has observed “millions” of messages connected to “hundreds of thousands” of Web sites and 69,117 unique hosting domains.
Of the total reviewed domains, 48,552 (70 percent) had Internet domains, or addresses, ending in the Chinese country code “.cn.” Some 48,331, or roughly 70 percent of the sites, were also hosted on Chinese computers.
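The figures above come from reducing the URLs seen in spam to unique hosting domains and then tallying how many fall under a given country code. The following is an added illustration of that bookkeeping, not the UAB project's own code; the message bodies, domain names and the short second-level-suffix list are constructed for the example, and the separate check of where a site is physically hosted is not included.

```python
import re
from urllib.parse import urlsplit

# Constructed sample spam bodies (not UAB data); every domain is invented.
SAMPLE_MESSAGES = [
    "Cheap watches! Visit http://shop1-mall.cn/buy now",
    "Same offer: http://www.shop1-mall.cn/buy?ref=2",
    "Great pills at https://pharma-deals.com.cn/",
    "Click http://deals-site.net/promo",
    "Mirror http://promo.shop2-mall.cn/x and http://shop2-mall.cn/y",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Suffixes under which the registrable name sits one label deeper
# (e.g. example.com.cn). Illustrative subset, not a full public-suffix list.
TWO_LABEL_SUFFIXES = {"com.cn", "net.cn", "org.cn", "gov.cn"}


def registrable_domain(host: str) -> str:
    """Strip subdomains so that several sites collapse to one hosting domain."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def tally_domains(messages, tld="cn"):
    """Return (unique hosting domains, count under tld, share of the total)."""
    domains = set()
    for body in messages:
        for url in URL_RE.findall(body):
            host = urlsplit(url).hostname
            if host:
                domains.add(registrable_domain(host))
    hits = sum(1 for d in domains if d.endswith("." + tld))
    share = hits / len(domains) if domains else 0.0
    return domains, hits, share


if __name__ == "__main__":
    doms, hits, share = tally_domains(SAMPLE_MESSAGES)
    print(f"{len(doms)} unique hosting domains, {hits} under .cn ({share:.0%})")
```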
Aside from the lack of regulation of the hosting companies, cheap domains remain the biggest driver of China-based spam efforts, UAB said.
Domains based in China still cost about one yuan, or 15 cents in U.S. currency, on average. By comparison, many U.S.-based domains go for roughly $35 a year.
UAB experts contend that the rock-bottom Chinese prices encourage Web page operators to buy numerous domains, leading to “a continuous stream of spam promoting those various sites.”
“Not only is it cheap to operate spam-promoted Web sites through the Chinese technology infrastructure, there is not enough revenue being generated to pay for the creation of programs or entities that could prevent such abuses from taking place,” Warner contends.
The researcher noted that while only a handful of companies in China are behind most of the spamming, their ongoing activities “risk the reputation of their entire nation’s Internet presence.”
Warner said that the Chinese government needs to intervene and push hosts there to “develop mechanisms to accept and respond to spam abuse complaints.”
I, for one, won’t be holding my breath waiting for that to happen.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.