Monday, January 22, 2007

Spam: state of the art report

MSNBC's Rob Sullivan has a spam report. The numbers are indeed staggering. I wonder what percentage of net traffic is made up of "high grade" material -- excluding spam, porn, illegal file sharing etc. I'm guessing it's in the 20-30% range overall. A surprising amount of net traffic now is file sharing, and it's widely believed that almost all of that (by volume) is copyrighted material. Emphases mine.

... Not long ago, there seemed hope that spam had passed its prime. Just last December, the Federal Trade Commission published an optimistic state-of-spam report, citing research indicating spam had leveled off or even dropped during the previous year.

Instead, it now appears spammers had simply gone back to the drawing board. There's more spam now than ever before.

In fact, there's twice as much spam now as opposed to this time last year... About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now.

... There are 62 billion spam messages sent every day, IronPort says, up from 31 billion last year. Now, spam accounts for three of every four e-mails sent, according to another anti-spam firm, MessageLabs.

Image spam is a big part of the resurgence of unwanted e-mail. By using pictures instead of words in their messages, spammers are able to evade filters designed to detect traditional text-based ads. New computer viruses have contributed to the uptick, also, particularly a surprisingly prolific Trojan horse program called "SpamThru" that turns home computers into spam-churning "bots."

... Stock spam is effective because no Web link is required, Cluley said. In old-fashioned spam, criminals generally try to trick recipients into clicking on a link and buying something. Many e-mail programs now block direct Web links from e-mails, rendering click-dependent spam much less effective. But stock messages merely have to make the recipient curious enough about a company to motivate him or her to buy a few shares through a broker.

There is another element that helps perpetuate stock spam, Stark said – he believes speculators unrelated to the original spam sometimes try to “play the momentum” surrounding a spam campaign – either getting in early on a pump-and-dump campaign to profit as shares rise, or by “shorting” stocks, betting that they will fall after the spam campaign flames out.

...

Image spam, which seems not inseparable from stock spam, can arrive entirely devoid of text, but that’s not common. Most messages have what appears to be nonsense text pasted above and below the image. Experts call this "word salad," or "good word poisoning."...

... The word jumble is generally borrowed from news headlines or classic books like Charles Dickens' “David Copperfield,” the text of which is often available online. The seemingly random text actually serves an important purpose -- to foil or confuse word-based spam filtering.

... Spammers continually refine and combine their techniques, said Doug Bowers, senior director of anti-abuse engineering at Symantec. The firm recently found spam attached to legitimate newsletters that appear to be from big companies, including a Viagra ad atop a 1-800-Flowers e-mail newsletter and another on an NFL fantasy league letter. Such e-mails are simply spam masquerading as authentic, with real content borrowed from legitimate companies. They are similar to phishing e-mails, and so are much more likely to be opened by recipients than traditional spam, Bowers said...

Natural selection is causing spam to evolve very quickly. We're recreating biological evolution at a frenetic pace. Defense requires more complex algorithms, which lead quickly to more complex attacks. Maybe every technological civilization succumbs when its spam becomes sentient ...

The stock tip churn process may work for quite a while. It will eventually become a contest between spammers and speculators, with each speculator hoping they can hop off fast enough before the "house" calls the game. Of course the spammers will always know more, so they'll always come out ahead. Some speculators will win too, so it will be a lot like going to the casino. In time the spammers will learn to keep the game interesting.

My favorite spam fighting technique, the reputation management of authenticated sending services, works even against spambots. I think this is what Google is doing now, even though they're very quiet about it.
