CircleID

About a week ago, I posted that Australia was getting ISPs to boot infected computers off of their network. I commented on whether or not this was a good policy. However, there was one thing in that article that I wanted to comment on but didn't, it was this excerpt:

A global report by security technology giant McAfee reveals that Australia now ranks behind only the US and China for the number of "zombie" computers that fell under the control of spammers in 2009. "The `Land Down Under' is proving to be fertile ground for zombie recruiting," the report says.

It estimates Australia accounts for 6.3 per cent of the world's "new zombies", compared with 18 per cent from the US and 13.3 per cent from China. Just two years ago, Australia was not even in the top 10 countries listed in McAfee's Global Threats report.

Australia is now number 3? Behind only the US and China? That sounds a little hard to believe. I say this because it completely contradicts any of the data I have.

Now, I will admit that I only have data on how much spam we receive from each country, and from how many distinct IPs. If I go by the second half of 2009, Australia ranks 24th for distinct number of IPs that sent us spam and 26th for total amount of spam sent. It lags far behind other countries like South Korea, Brazil, India, Poland, Spain, Romania, Ukraine, and so forth.

Now it's possible that McAfee's report measures total zombie activity. Zombies do more than send spam—they host spammy web pages, do fast flux, perform black search engine optimization, conduct DOS attacks, and so forth. And obviously, I have gaps in my own data because I don't measure that. Yet if I go by data in Microsoft's latest Security and Intelligence Report (which covers first half of 2009), Australia ranks far down the list of countries in terms of number of infected computers with malware, malware distribution sites per 1000 Internet hosts, and so forth. It confirms my data that Australia is not one of the biggest players when it comes to spam.

This leads me to a couple of possibilities:

1. McAfee has other metrics that we are not collecting that indicates that Australia has lots of zombies and bumps it up the list.

2. One of us is wrong.

No offense to McAfee, but I'm guessing (emphasis on the word guessing) that it's (2), and it's not us that is wrong. It stretches the credibility to assert that Australia is a smaller player in spam and malware infections but is really abusive in everything else. More often than not, if a country is abusive in one category, they are usually abusive in other categories. While it is true they may not be stack-ranked the same in every category of abuse, they usually are pretty close.

By Terry Zink, Program Manager. Visit the blog maintained by Terry Zink here.

Related topics: Access Providers, Cybercrime, Malware, Policy & Regulation, Security, Spam