Spammers dust off their botnet passports

Criminals who remotely infect PCs for the purpose of using them to relay spam messages are targeting new countries and regions in order to increase the number of machines they can enlist.

UK and US internet service providers have seen their networks riddled with infected PCs in the last few years and those PCs have been used to relay vast spam campaigns. But as these networks - called botnets - get cleaned up, so they must be replaced.

Now it seems the bot-herders are turning to pastures new to greatly increase the breadth and the shelf-life of their networks amid fears some traditional targets are starting to address the problem with stronger regulation and more robust security.

Greater redundancy - botnets lying dormant - and greater geographical diversity can also make botnets more effective.

Poland and Spain have recently become home to two of the world's most infected networks, along with countries such as Italy and Turkey - which are seeing more botnet activity. And although traditional leader the US still leads the pack, according to Sophos statistics released earlier this week, the pattern suggests criminals creating these botnets are turning to pastures new to increase their effectiveness.

Dave Marcus, security research manager at McAfee, said more dispersed botnets increase the spammer's ability to use one network for a campaign and then let it "go quiet", not giving the authorities or security community any hint as to where activity will pop up next. It also enables spammers to let botnets in countries such as the US lie dormant for longer and evade detection.

Marcus said: "It makes sense to keep malware stealthful."

Top 10 spam relaying countries:
1. US
2. China
3. South Korea
4. France
5. Spain
6. Poland
7. Brazil
8. Italy
9. Germany
10. UK
Statistics provided by Sophos

And it appears to be working. Jason Steer, senior technical consultant at IronPort, said: "All major anti-spam vendors have seen a large upturn in spam message volumes over the past couple of months."

And Steer said this is in part due to a new generation of botnets being created in countries where the legal framework and security measures in place may provide a tempting option for bot-herders.

He said the biggest problem remains end-user education around the issue of keeping a PC clean and uninfected. As broadband penetration rates increase in countries where end-user education is at an earlier stage than the UK and the US, it seems likely those countries will increasingly be targeted.

Steer said one hope for countries in the EU is Finland taking over the EU presidency, which could provide some reason for cheer.

He said: "Finland had the worst botnet record in Europe in 2005 and drove it out with harsh legislation. Expect some of these laws to become EU directives later this year."