Most Internet Spam Comes From Just a Handful of ‘Bad Neighborhoods’

The majority of the spam on the internet comes from just a couple of bad neighborhoods


In your inbox, there might be a prince in Africa who needs your help, a cash award you just won for a contest that you never entered and a Russian woman who wants to meet you. Where do all these spam messages come from? According to the BBC, mostly from the same place:

Of the 42,201 ISPs studied about 50% of all junk mail, phishing attacks and other malicious messages came from just 20 networks, found. Many of these networks were concentrated in India, Vietnam and Brazil. On the net’s most crime-ridden network – Spectranet in Nigeria – 62% of all the addresses controlled by that ISP were seen to be sending out spam.

It’s hard to know exactly where many of those emails came from, because people fishing for information with spam often route their traffic through other networks to avoid getting caught. But Moreira Moura, the researcher behind the work, believes that starting to track spam could identify what he calls “bad neighborhoods” online. He writes in his dissertation:

The goal of this dissertation is to investigate Bad Neighborhoods on the Internet. The idea behind the Internet Bad Neighborhood concept is that the probability of a host behaving badly increases if its neighboring hosts (i.e., hosts within the same subnetwork) also behave badly. This idea, in turn, can be exploited to improve current Internet security solutions, since it provides an indirect approach to predict new sources of attacks (neighboring hosts of malicious ones).

And rather than focusing on individual bad neighbors, he says, it’s far easier and more accurate to pinpoint neighborhoods. He writes:

Another finding of this dissertation is that Internet Bad Neighborhoods are much less stealthy than individual hosts, since they are more likely to strike again a target previously attacked. We found that, in a one-week period, nearly 50% of the individual IP addresses attack a particular target only once, while up to 90% of the Bad Neighborhoods attacked more than once. Consequently, this implies that historical data of Bad Neighborhoods attacks can potentially be successfully employed to predict future attacks.

The next step is to build better tools for computer security experts to be able to see where spam is coming from. If a message comes from a pre-identified bad neighborhood, security experts could build that into their screening process and look at those messages more carefully.
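
An added example (not from the article or the dissertation) of how a mail filter might apply the bad-neighborhood idea: it counts distinct known spam sources per subnet and flags a never-before-seen sender whose subnet already holds several of them. The /24 neighborhood size, the threshold of 3 and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

PREFIX_LEN = 24   # assumption: treat each /24 as one "neighborhood"
THRESHOLD = 3     # assumption: distinct bad hosts needed to flag a /24

# Constructed sample data: source IPs of messages already classified as spam
# (documentation address ranges, not real observations).
KNOWN_SPAM_SOURCES = [
    "192.0.2.10", "192.0.2.11", "192.0.2.10", "192.0.2.57", "192.0.2.200",
    "198.51.100.4", "198.51.100.4", "198.51.100.4",
    "203.0.113.9",
]

def neighborhood(ip, prefix_len=PREFIX_LEN):
    """Return the subnet that encloses an address."""
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)

def score_neighborhoods(spam_sources, prefix_len=PREFIX_LEN):
    """Map each subnet to the number of distinct bad hosts seen in it."""
    hosts = defaultdict(set)
    for ip in spam_sources:
        # A set per subnet: one host sending many messages counts once.
        hosts[neighborhood(ip, prefix_len)].add(ipaddress.ip_address(ip))
    return {net: len(members) for net, members in hosts.items()}

def classify_sender(ip, scores, known_bad, threshold=THRESHOLD):
    """Screening decision for an incoming message's source address."""
    if ip in known_bad:
        return "known-bad host"
    if scores.get(neighborhood(ip), 0) >= threshold:
        return "bad neighborhood"   # never seen, but its neighbors misbehave
    return "no signal"

if __name__ == "__main__":
    scores = score_neighborhoods(KNOWN_SPAM_SOURCES)
    known = set(KNOWN_SPAM_SOURCES)
    for sender in ["192.0.2.99", "198.51.100.77", "203.0.113.9", "192.0.2.10"]:
        print(sender, "->", classify_sender(sender, scores, known))
```

Counting distinct hosts rather than messages keeps a single noisy sender, such as 198.51.100.4 in the sample, from condemning its whole subnet.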
