(WEB HOST INDUSTRY REVIEW) — The widespread availability of “bulletproof” hosting in China has made that country a haven for spammers, according to a blog post by University of Alabama researcher Gary Warner, referenced in a Friday article by PC World.
According to the blog post, Warner, director of research in computer forensics at the university’s computer and information sciences department, examined the millions of spam messages received in the UAB Spam Data Mine between May 1 and June 18, 2009, discovering that 70 percent of all domains used in spam have a .cn top-level domain.
While spam is not distributed evenly among origin servers, Warner declared it well past time to declare a spam crisis in China.
“More than half of all spam either uses domain names registered in China,” he wrote, “is sent from computers in China, or uses computer in China to host their web pages.”
The PC Word report references the volume of “bulletproof” hosting offerings operating in China as one of the factors in its role, suggesting hosts in China often ignore complaints about scam websites residing on their servers. The low cost of .cn domains (which sometimes cost approximately 15 cents US) enable scammers to acquire the addresses in greater bulk. PC World also points out that more costly US-based domains often funnel some of the money toward fighting online fraud.
While PC World identifies bulletproof hosting as a key source, Warner says that in his previous work as a volunteer fighting online fraud, he often encountered registrars and other service providers in China who were unaware they were part of the spam problelm.
“Usually the problem was that the Registrar did not understand how cybercriminals operated,” he writes, “or that they had insufficient fraud detection mechanisms, or they had policies which ended up protecting the criminal. On very rare occasion it was because they chose to host criminal activity.”
Warner, however, identifies several examples of hosting providers based in China he believes have been active participants in maintaining the spam operations they host, including the hosting provider that helped keep the Waledac botnet alive.
His blog includes links to several sets of data, and invites readers to do their own work with the data, as well as encouraging discussion to increase awareness of the issue.
