MetaSpamZombieBotEngines

We all hate spam — many of us use filters to find and block it, web based email services use sophisticated pattern analysis to detect it, and that leaves you and I to delete what’s left. But, where does all this spam actually come from? Believe it or not — it often comes from home PC users. That’s right — we are the engine of our own frustration.

As mentioned before, the stats show approximately 50-80% of all spam sent comes from hijacked home PCs. Since you are probably using a personal firewall, you’ve taken a good step to prevent your own PC from sending out spam. A personal firewall is one of the best ways to ensure your system doesn’t become a spam zombie.

Some people suggest personal firewalls are not needed if you have a home router/network with a built in firewall. I wish it was that easy. Consider this:

1. User browses a malicious website with an unpatched machine (or the site could have a 0day).
2. Home PC gets hacked, the payload of this hack is a spam engine.
3. User’s PC begins sending large amounts of spam to the rest of the Internet.

How is a router/gateway firewall on your home network going to stop this? Most home network routers don’t provide outbound firewalling (blocking the outbound port 25) and if they do, most people wouldn’t know to block this port specifically. That’s one of the reasons a personal firewall on *the actual computer* is always a good idea. ZoneAlarm even provides Outbound MailSafe Protection to prevent your system from becoming a MetaZombieSpamBot.

Here are some stats and graphs showing which home users (and their ISPs) are sending the most spam:

As you can see, this list is slowly growing as the spammers hack more home PCs users, who in turn, end up sending more spam. Hopefully as people become more aware of this problem, we’ll see those numbers starting to drop.