Stonewalled by spam


For a long time now it’s been a tough slog for anti-spam software companies, whose offerings never seem to have the impact they should.

Some low-technology workaround is developed that soon enough licks whatever protective shield vendors try to put in place – and spam continues unimpeded until the next “dream” product is announced and the cycle starts all over again.

The struggle between various species of spamsters and those who would seek to contain them continues full throttle. But indications are the crooks seem to be winning hands down.

They’ve developed counter-maneuvers for every major spam-blocking strategy, even those that for a while appeared to be containing the menace.

For instance, one strategy that appeared to be getting good results – for a while at least – involved three levels of filtering.

Let’s call it the “triple filter” approach.

Triple filter anti-spam tools work by “asking” three questions (who, what and which) of every e-mail coming in. Who is the sender? What are the contents? Which sites does the message link to?

That worked for a while, until the “bad guys” developed a three-pronged response.

Attack of the zombies

The attempt to filter out spam by determining the sender’s identity (the “Who” factor) was effectively counteracted by routing spam through a network of “captured” computers.

Hundreds of thousands of computers have been taken over and added to the ranks of spam “zombies” – machines programmed remotely by the bad guys to serve as senders of spam.

A host of ingenious attacks are used to capture “zombies” – and here’s where we witness the strong link between hacking and spamming, with the former sometimes paving the way for the latter.

Last month, San Jose, Calif.-based anti-spam software company Secure Computing warned that hackers are using a new Storm Trojan horse variant to insert insidious URLs in blogs, intercepting traffic when visitors try to post comments.

From a hosting server that appears to be located in New Jersey, malware is insidiously dropped onto the targeted machine as a rootkit, and attempts are then made to capture and modify Web traffic via the operating system.

Once a machine is infected, it can be used to blast out spam – or for a variety of other nefarious tasks – such as running keyloggers, or causing a distributed denial of service attack.

Image and illusion

Likewise, the second strategy – the attempt to fight spam by evaluating the content of incoming messages – has also been ingeniously foiled.

Conventional anti-spam software uses a statistical technique called Bayesian analysis to analyze the words in a message and estimate whether they signify an authentic e-mail message or spam.

The con artistes discovered content filtering could be countered by unleashing image spam – moving the words into an image.
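The content filter described above, as an added example that is not from the original article or from any vendor's product: a small naive Bayes word scorer showing that an image-only message gives it no words to weigh, so the score falls back to the prior. The training messages are constructed, and the function names and the "unscored" policy are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail (not real messages), labelled by hand.
SPAM = ["cheap pills buy now limited offer",
        "hot penny stock buy now before it surges",
        "limited offer cheap watches buy today"]
HAM = ["meeting moved to tuesday please confirm",
       "attached is the quarterly report for review",
       "can you review the patch before the meeting"]

def tokens(text):
    return re.findall(r"[a-z]+", text.lower())

def count_words(messages):
    return Counter(w for m in messages for w in tokens(m))

SPAM_COUNTS, HAM_COUNTS = count_words(SPAM), count_words(HAM)
VOCAB = set(SPAM_COUNTS) | set(HAM_COUNTS)
PRIOR_SPAM = len(SPAM) / (len(SPAM) + len(HAM))

def log_likelihood(word, counts):
    # Add-one (Laplace) smoothing so an unseen word never yields log(0).
    return math.log((counts[word] + 1) / (sum(counts.values()) + len(VOCAB)))

def spam_probability(text):
    """Return (P(spam | words), number of words that carried evidence)."""
    log_spam, log_ham = math.log(PRIOR_SPAM), math.log(1 - PRIOR_SPAM)
    known = [w for w in tokens(text) if w in VOCAB]
    for w in known:
        log_spam += log_likelihood(w, SPAM_COUNTS)
        log_ham += log_likelihood(w, HAM_COUNTS)
    return 1 / (1 + math.exp(log_ham - log_spam)), len(known)

def verdict(body_text, image_count=0, threshold=0.9):
    """Hypothetical policy: never treat 'nothing to score' as a clean result."""
    p, evidence = spam_probability(body_text)
    if evidence == 0:
        # Image-only mail: the posterior is just the prior, so defer to
        # other checks (sender, OCR of the image) instead of passing it.
        return "unscored-image" if image_count else "unscored"
    return "spam" if p >= threshold else "ham"

if __name__ == "__main__":
    print(verdict("Buy cheap penny stock now"))
    print(verdict("Please review the quarterly report"))
    print(verdict("", image_count=1))
```

Reporting "unscored" separately from "ham" keeps a message with no readable text from counting as a clean result of the content filter.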

The most recent (March 2007) ‘The State of Spam’ monthly report issued by Symantec highlights the increasing use of “slanted and warped text” in the recent breed of spam messages.

“Rather than making changes to individual characters within the text of the image, all of the text is slanted at either an upward or downward angle,” the report says. “This technique may decrease detection capabilities of some anti-spam technologies that are heavily reliant on OCR or edge detection.”

At the end of February, image spam was 38 per cent of all spam, the report says.

Pump and dump

The third filter may have limited value in blocking spam messages that link to external sites where spamsters peddle their wares.

However, it’s worthless in containing spam messages that don’t link to anything – but are no less sinister.

For instance, one breed of spam heavily promotes penny stocks that these con artistes have picked up.

These worthless stocks are heavily promoted on chat rooms, message boards, and via mass spamming. Once the value surges through this artificial promo, the scamsters offload the stock and make a profit.

The scam dubbed “pump and dump” became so widespread that the US Securities and Exchange Commission issued an alert to warn people against getting duped.

And spam was one of the chief “promotional” channels used by the perpetrators. Again, it is difficult to contain, as no outbound links are required.

The cost of not being able to stop the spread of this conflagration is very high. According to Palo Alto, Calif.-based technology market research firm Radicati Group Inc., spam cost US businesses $20.5 billion in a single year. (I found this number on the Industry Canada Web site, which unfortunately did not list what spam cost Canadian businesses.)

Spam is also eroding our confidence in the Internet as a means of public communication. Year after year, studies show people are becoming less trusting of e-mail.

From the spammers’ perspective, the lethal attraction of this channel is its profitability. As Michael Geist, Canada Research Chair in Internet & E-commerce Law at the University of Ottawa, points out, the cost to the sender is minimal and, in contrast to traditional direct mail that requires a response rate of at least two per cent to be worthwhile, spam can operate at a return rate of 0.025 per cent.

One thing is abundantly clear. In the crusade against spam, we can’t rely merely on anti-spam technology tools.

Experts counsel a multi-pronged approach that includes building public awareness, more stringent legislation and enforcement, the implementation of “best practices” by ISPs and other network service providers, and international co-operation – joint anti-spam policies and programs launched in cooperation with foreign governments.

