Situational Awareness: Spam Crisis and China

Published: 2009-06-20
Last Updated: 2009-06-22 19:02:17 UTC
by Scott Fendley (Version: 2)

Gary Warner, Director of Research at UAB Computer Forensics, posted a very interesting analysis of the past 48 days concerning the amount of spam that has ties to China.

The post is a call for increased awareness of the situation with certain registrars and hosting providers in China that have become spam havens in recent times. It is our hope, as it is Gary's, that by exposing the amount of spam, fraudulent messages, and criminal activity occurring within a few areas of China, those of you who have contacts in China may be able to educate our respective counterparts at ISPs, hosting providers, and in law enforcement about the statistics. With that education, we expect that the government or high-level business personnel will take appropriate steps to mitigate this situation, as has been done with other locations in years past.

Thanks Gary for posting this very enlightening blog located at


With that form of spam crisis in mind for everyone, I am curious whether anyone else in higher education has noticed that the last couple of classes of freshmen increasingly do not use email. It has been my observation that, given the spam problems along with the growth of social networking sites like Facebook and Twitter, this future generation will continue the trend away from traditional email delivery in favor of other forms of messaging. This seems to be causing some problems within the higher-ed community with how to officially communicate with students without looking like spammers ourselves in these other communication venues. Perhaps a new crisis is on the way for those of us who must do "official spam" to our organizations.

Scott Fendley
ISC Handler on Duty

Keywords: awareness China spam
3 comment(s)


<c+p's rant i wrote on another site>

i've been saying for years that there needs to be some serious reform over at icann... so many registrars should be losing their accreditation for blindly registering fake domains.

At home I block all connections to/from China and Korea based on the netblocks published at We have no need to exchange packets with those parts of the net. Unfortunately that's not an option for many, possibly most, organizations. And since I do not run my own MX host it does nothing to block spam from those netblocks. However, I'm sure I'm not the only one to have noticed that an inordinate number of the malicious urls dissected in these diaries are located in or eventually lead to China. I rest just a little better knowing that the other members of my household are protected from that subset of attacks even before they are exposed.

One must wonder how a more general shunning of the problem areas of the net, however unlikely, might spur a much-needed cleanup. The first thought that comes to mind is "can of worms".

part of the problem there is also the language barrier, how do you report these infractions to the ISPs? i've tried, all i get back is an email full of characters i can't read.

on the flipside however, i sent an abuse@ email to an ISP in quebec because one of their hosts was pounding my firewall for what appears to be no reason. some port i don't even use or recognize. no response for a month. tried the "responsible person"... no response for a month. i tried a third time and all i got back was "i need the host causing the problem". what?? if they even read the email, they would see the huge log i had sent them.

intelligence barrier? maybe we should also be considering who is allowed to be an ISP.
