Sophos: One Infected Machine Sends Up To 30 GB Of Spam A Week


A compromised computer could hit 5.5 million email addresses with spam every week without its owner ever noticing

Ever wondered who sends all those spam messages that end up in your inbox? It could be the computer of your neighbour or a colleague, which has unwittingly become part of a ‘botnet’ – a collection of infected machines that receive instructions from a Command and Control (C&C) server run by cyber criminals.

According to research by Sophos, a single computer on a typical home network, infected by a single piece of malware, can send a total of 30 GB of outbound email to 5.5 million email addresses in just one week.

To measure such activity, Sophos Labs in Hungary created the “honeybot”, an intentionally infected computer that would log all of the commands it received from its botmasters. They noted that during the experiment, more than a quarter of spam messages included some type of malware.


Spam botnets can link tens of thousands of computers into a massive distribution network, but despite being infected by malware, being a ‘bot’ does not pose any immediate risk to the infected machine itself. Instead of becoming victims, such machines simply carry out the will of their masters.

Due to their distributed nature, botnets are very hard to eradicate, and all of the risk linked to illegal activity is passed on to the owners of the individual IP addresses. Today, spam botnets are widely available for rent.

While botnets have been the subject of careful study, Sophos wanted to measure the impact of individual computers on the output of spam.

Using honeybot, Sophos Labs established that a single PC can hit 5.5 million email addresses with 750,286 unique email messages in the space of a week. Researchers add that numbers would be lower in the real world, since not all receiving servers would be working correctly, and not all email addresses would be valid.

The experiment showed that 26 percent of the spam messages carried malware in a link or attachment, with 11 different strains of malware sent out in the space of a week.

74 percent of emails promoted a pharmaceutical website – illegal online pharmacies are some of the darlings of spam marketing, and unsolicited offers for drugs like Viagra and Cialis have become part of Internet folklore.

Paul Ducklin, head of technology for APAC region at Sophos, says sending 30 GB of email per month would require “a sustained average throughput of about 400Kbps, which is less than half the upload bandwidth of a regular ADSL connection. For many users, that would mean sufficient bandwidth left over that the spam would probably go unnoticed, or at least uninvestigated.”

When combined, a 10,000-computer botnet can send up to 50 billion spam messages per week, or 216.5 billion per month. The network grows like a snowball by sending out spam emails loaded with malware, which infects more machines and results in ever more spam.

If your broadband connection is being unusually slow, it is worth running a full anti-virus check on the computer. “Remember, if you aren’t part of the solution, you’re part of the problem!” warns Ducklin.
