The changing face of spam

Junk email clogging up your inbox used to be annoying, but as René Millman reports, it’s moved beyond that and become a lot more sinister

For some people, the answer to the global spam problem lies in a simple, although rather radical, solution – just slice through some cables in Florida.

"If we were to cut Boca Raton off from the internet, spam would go down by 50 per cent," argues Steve Linford, chief executive of Spamhaus, an organization that monitors spam patterns around the world and works closely with law enforcement agencies to try to reduce the problem.

While Linford's proposed solution would be almost impossible to achieve (although last year's hurricane season made a valiant attempt), it shows just how much we know about the problem of spam. The difficulty is in stopping it.

There is plenty of intelligence about how the spammer community operates. The FBI has a whole department of 16 agents working flat-out to gather evidence against various spam operations, mostly based in Florida.

Spamhaus has detailed lists of where spam operations are based (200 of them, each employing up to five individuals) and where the spam is coming from (seven out of ten servers sending out spam are based in China, mainly in Beijing and Shanghai). The ISPs providing the bandwidth for spammers to operate (nearly 90 from China alone) are also listed.

In terms of its sheer quantity, the evidence gathered by organizations such as Spamhaus is almost overwhelming. Law enforcement agencies have thrown as many resources at the problem as their budgets allow, but for all this activity, not much appears to be happening in terms of legal action.

There are many factors at work. The main criticism Linford has is of the court system. He believes one of the major sticking points is the inability of courts to accept electronic evidence.

"We could present the evidence in paper form, but there is so much of it that defense lawyers would seek a dismissal of the case," he says.

Even when suspects are caught, courts will often allow them bail, allowing them to skip the country and restart their activities elsewhere. It doesn't take too long or too much money for a spammer to set up in business elsewhere in the world.

Linford sees the more traditional types of spam (emails touting Viagra and cheap loans) decreasing as legislation and law enforcement agencies frighten off these types of spammers. More worryingly, criminal spam is on the rise, with phishing emails in the vanguard.

Linford sees this problem becoming more intertwined with virus propagation and, according to him, this is rising exponentially. This view is shared by Alyn Hockey, director of research at Clearswift. Hockey also believes that phishing activity will start to move on from its traditional targets in the consumer financial sector.

"Phishing will expand from banks to exploit other types of user accounts on retail sites such as Amazon," he says.

Hockey also expects an increase in spam using graphics, where the content is hosted elsewhere and pulled in when the message is opened. This can also allow the installation of spyware and other types of malware, such as trojans.

This is achieved when an unwitting user opens the spam message, or is led by the email to a fake website, which in turn downloads the trojan onto the user's computer. Up to 100,000 computers are being infected this way every week, turning PCs into part of a slave network for virus delivery, or "botnet".

But the infrastructure to send out spam is only one part of the picture. Valid email addresses are also needed as the recipients of the spam. Users have begun to be more careful about divulging their email addresses on the internet, but John Young, president of Ottawa-based secure content management company Nemx, says that directory harvest attacks are on the increase.

Young believes that many spammers, particularly those who are more opportunistic, are turning their backs on just sending out millions of emails touting pharmaceuticals and organ enlargement and are getting into phishing.

"Most spammers have a criminal mindset and the next logical step for them is phishing," says Young. "They are lazy and after an easy buck."

This leaves the more traditional spammers. They are now targeting individual companies, and Young describes them as "professional" spammers, who are going back to basics and using more intelligent means of getting their message across.

"We're starting to see this, especially in larger companies such as Shell Oil, for example. Spammers send in emails that will contain words relating to the oil industry," he says. These professional spammers will use naturalistic language and plain text in the message in the hope that these "normal-looking" emails with their targeted keywords bypass anti-spam measures.

What action can be taken? Graham Titterington, principal analyst at Ovum, believes that filtering must be done at the gateway, or anti-spam services must be bought in by smaller companies to deal with the problem, but they are not a universal panacea.

"The problem with filtering is that it is not always accurate," he says. So some will always get through to the unwitting recipient. Instead, vigilance is key, and Titterington urges users to watch out for suspect mail when it appears in the inbox, in case their machine is turned into part of a botnet.

Nilesh Mangaonkar, email security software engineer at Webwasher AG, claims the only realistic way to deal with spam is "to have a good firewall with a comprehensive URL filter, spam filter, virus filter and malicious code filter."

Knowing how a spammer's mind works is also key. Mangaonkar likens spammers to drug dealers.

"They are highly organized and very profitable, and they operate at international levels and are difficult to prosecute. They have money and have a very efficient exchange of data among themselves," he says.

While legislation has been patchily enacted, Linford laments the lack of understanding where laws are most needed to tackle this problem – China.

"The Chinese authorities have their heads buried in the sand," he says. One of the few courses of action left is to threaten ISPs with blacklisting if they don't remove spam hosting servers from their networks. Unfortunately, these hosting companies make $1,000 a week from offering such services to spam outfits (which is a lot of money to these Chinese companies). It is not hard to see why the benefits outweigh the risks.

Copyright © SC Magazine, US edition