The folks at spamhouse.org have done a commendable job over the years trying to make the internet a better place for everyone. They provide interesting weekly statistics and information on the world’s worst Spam Kings and sources of spam in general. If you’re a network admin, you’ve heard of these guys.
Over the past year, while malicious servers continue to be set up all over the world, more activity is taking place in China. The servers that were a part of the recent google poisoning that we looked at first were in located in China. Many of the redirected pages from other compromised servers link to exploit pages, downloaders and more malware served in China.
Not surprisingly, this week China is the number two source of spam, according to spamhaus (keep in mind that these numbers do change on their site):
But of their weekly top 10 list of Spam Kings, the top 6 continue to be Russian or Ukranian. Only two are of Hong Kong or Chinese origin:
Also along those lines, the whole Russian Business Network or RBN (a huge network well known for its malicious activity over the past few years), was tracked by iDefense as shutting down and moving from St. Petersburg to China and Central and Southern Amercian region like Panama and Belize.
And from what we are seeing at our user base and in our labs, it looks like this trend is one that will continue.
UPDATE (12.13.2007): The Sydney Morning Herald published a fine article (it appears to be from someone at The Guardian) this morning about the RBN network’s activities.