Dark Reading is part of the Informa Tech Division of Informa PLC



12/6/2006
01:47 PM
Mitch Wagner
Commentary

Spam's Making A Comeback And We're All Stuck With It

The New York Times reports grim news that anybody watching their e-mail in-boxes already knew: Spam is making a comeback. Worldwide spam volumes doubled since last year, and spam now accounts for more than 90% of e-mail worldwide. And it doesn't look like the problem is going away.

Smart people last year were saying the spam problem was solved. I was not one of those smart people -- how can anybody have said the spam problem was solved if it required significant investment in hardware, software, and services to keep spam at bay? But, still, spam was being kept at bay; spamfighters developed a few techniques that worked well to combat junk mail. Those techniques included blacklisting known spam-sending IP addresses and domains, analyzing the text of messages for spammy text and links, and spotting and blocking duplicate messages sent in bulk.

Spammers are getting around blacklists by using botnets -- armies of infected computers that the spammer takes over and uses to send spam. Spammers thwart text analysis by sending only images, with pictures of text in the images. And they evade duplicate-message blocking by varying the contents of messages by just a few pixels -- just enough to trick the spam filters.
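The duplicate-detection weakness described above, as an added example that is not part of the original article: an exact hash treats a copy that differs by a few pixels as a new message, while a coarse perceptual fingerprint (an average hash, chosen here for illustration) still matches it. The sample images, function names and the 5-bit threshold are constructed assumptions.

```python
import hashlib

def exact_digest(img):
    """Exact-duplicate fingerprint: any changed pixel gives a new digest."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img, grid=8):
    """Perceptual fingerprint: average the image down to grid x grid cells,
    then emit one bit per cell (1 if the cell is brighter than the mean)."""
    bh, bw = len(img) // grid, len(img[0]) // grid
    cells = []
    for gy in range(grid):
        for gx in range(grid):
            block = [img[y][x]
                     for y in range(gy * bh, (gy + 1) * bh)
                     for x in range(gx * bw, (gx + 1) * bw)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for c in cells:
        bits = (bits << 1) | int(c > mean)
    return bits

def hamming(a, b):
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")

def is_near_duplicate(img_a, img_b, max_bits=5):
    # max_bits is an illustrative threshold, not a tuned value
    return hamming(average_hash(img_a), average_hash(img_b)) <= max_bits

def stripes(horizontal):
    """Constructed 32x32 grayscale sample: dark bars on a light background."""
    def dark(x, y):
        if horizontal:
            return (y // 4) % 2 == 0 and 4 <= x < 28
        return (x // 4) % 2 == 0
    return [[30 if dark(x, y) else 230 for x in range(32)] for y in range(32)]

BASE = stripes(True)                     # stands in for a "picture of text"
VARIANT = [row[:] for row in BASE]       # same picture, four pixels altered
for x, y, value in [(0, 0, 0), (17, 5, 255), (10, 10, 200), (31, 31, 0)]:
    VARIANT[y][x] = value
OTHER = stripes(False)                   # a genuinely different image

if __name__ == "__main__":
    print("exact match:", exact_digest(BASE) == exact_digest(VARIANT))
    print("bits differing, variant:", hamming(average_hash(BASE), average_hash(VARIANT)))
    print("bits differing, other:", hamming(average_hash(BASE), average_hash(OTHER)))
```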

The botnets also drive down the cost of sending spam. You used to read about spammers with multiple T-1 lines, each costing thousands of dollars a month, piped into a single, small office or the converted bedroom of a home. But by using botnets, spammers can steal the bandwidth of the infected machines -- usually, machines belonging to naive consumers. Spammers now have only minimal bandwidth costs themselves. They pass the cost on to their victims.

And spammers have been able to get rid of the one, surefire Achilles heel that worked against them every time. Used to be that they had to give out some information on how to buy the product they were selling. Generally, that meant linking to a Web site selling toy cars, or porn, or herbal Viagra, or whatever. Spamfighters could block spam by compiling databases of known spam URLs, and blocking messages linking to those sites.

[N]ot anymore. Many of the messages in the latest spam wave promote penny stocks - part of a scheme that antispam researchers call the "pump and dump." Spammers buy the inexpensive stock of an obscure company and send out messages hyping it. They sell their shares when the gullible masses respond and snap up the stock. No links to Web sites are needed in the messages.

Freedom to Tinker explains the economic terms of the competition. The payoff from sending spam is very, very low -- but the cost is even smaller than that. Felten explains:

The per-message payoff is probably decreasing as spammers are forced to new payoff strategies (e.g., switching from selling bogus "medical" products to penny-stock manipulation). But their cost to send a message is also dropping as they start to use other people's computers (without paying) and those computers get more and more capable. Right now the cost is dropping faster, so spam is increasing.

From the good guys' perspective, the cost of spam filtering is increasing. Organizations are buying new spam-filtering services and deploying more computers to run them. The switch to image-based spam will force filters to use image analysis, which chews up a lot more computing power than the current textual analysis. And the increased volume of spam will make things even worse. Just as the good guys are trying to raise the spammers' costs, the spammers' tactics are raising the good guys' costs.

I don't see a good outcome for this. Fighting technology-based social problems requires technology and laws. We have the technology, but it's getting less effective. And we don't have the law on our side. The three-year-old CAN-SPAM law is toothless (something spamfighters were saying from the very beginning, and they were ignored). And even if the U.S. government suddenly, miraculously found the will to pass an anti-spam law with teeth, much spam is coming from countries in Europe, Latin America, and Africa, where the U.S. has no jurisdiction or political leverage. This problem isn't going away, or even getting better, anytime soon.
