12/6/2006
01:47 PM
Mitch Wagner
Commentary

Spam's Making A Comeback And We're All Stuck With It

The New York Times reports grim news that anybody watching their e-mail in-boxes already knew: Spam is making a comeback. Worldwide spam volumes doubled since last year, and spam now accounts for more than 90% of e-mail worldwide. And it doesn't look like the problem is going away.

Smart people last year were saying the spam problem was solved. I was not one of those smart people -- how can anybody have said the spam problem was solved if it required significant investment in hardware, software, and services to keep spam at bay? But, still, spam was being kept at bay; spamfighters developed a few techniques that worked well to combat junk mail. Those techniques included blacklisting known spam-sending IP addresses and domains, analyzing the text of messages for spammy text and links, and spotting and blocking duplicate messages sent in bulk.

Spammers are getting around blacklists by using botnets -- armies of infected computers that the spammer takes over and uses to send spam. Spammers thwart text analysis by sending only images, with pictures of text in the images. And they defeat duplicate-message blocking by varying the contents of messages by just a few pixels -- just enough to trick the spam filters.
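An added example, not from the article or from any filter vendor: it shows why exact-duplicate matching fails against the few-pixel variation described above, while a coarse perceptual fingerprint still matches. The average-hash technique, the constructed bitmap, the function names and the distance threshold are all assumptions chosen for illustration.

```python
import hashlib

def make_image(width=64, height=64):
    """Constructed grayscale bitmap: dark bars on a light background,
    standing in for a picture of text."""
    return [[40 if (y // 8) % 2 == 0 and 8 <= x < 56 else 220
             for x in range(width)] for y in range(height)]

def perturb(img, pixels, delta=3):
    """Return a copy of img with the listed (x, y) pixels nudged slightly."""
    out = [row[:] for row in img]
    for x, y in pixels:
        out[y][x] = min(255, out[y][x] + delta)
    return out

def exact_digest(img):
    """What a naive duplicate filter compares: a hash of the raw bytes."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()

def average_hash(img, grid=8):
    """64-bit fingerprint: average each grid cell, then set one bit per
    cell depending on whether it is brighter than the overall mean."""
    bh, bw = len(img) // grid, len(img[0]) // grid
    cells = []
    for gy in range(grid):
        for gx in range(grid):
            block = [img[y][x]
                     for y in range(gy * bh, (gy + 1) * bh)
                     for x in range(gx * bw, (gx + 1) * bw)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for cell in cells:
        bits = (bits << 1) | int(cell > mean)
    return bits

def hamming(a, b):
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")

def is_near_duplicate(a, b, max_distance=5):
    """max_distance is an assumed tuning value, not a standard."""
    return hamming(average_hash(a), average_hash(b)) <= max_distance

if __name__ == "__main__":
    original = make_image()
    variant = perturb(original, [(3, 3), (30, 17), (60, 60)])
    print("exact match:", exact_digest(original) == exact_digest(variant))
    print("near-duplicate:", is_near_duplicate(original, variant))
```

The fingerprint costs a full pass over every pixel of every image, which is the extra computing load on filters that the article goes on to discuss.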

The botnets also drive down the cost of sending spam. You used to read about spammers with multiple T-1 lines, each costing thousands of dollars a month, piped into a single, small office or the converted bedroom of a home. But by using botnets, spammers can steal the bandwidth of the infected machines -- usually, machines belonging to naive consumers. Spammers now have only minimal bandwidth costs themselves. They pass the cost on to their victims.

And spammers have been able to get rid of the one, surefire Achilles heel that worked against them every time. Used to be that they had to give out some information on how to buy the product they were selling. Generally, that meant linking to a Web site selling toy cars, or porn, or herbal Viagra, or whatever. Spamfighters could block spam by compiling databases of known spam URLs, and blocking messages linking to those sites.

[N]ot anymore. Many of the messages in the latest spam wave promote penny stocks - part of a scheme that antispam researchers call the "pump and dump." Spammers buy the inexpensive stock of an obscure company and send out messages hyping it. They sell their shares when the gullible masses respond and snap up the stock. No links to Web sites are needed in the messages.

Freedom to Tinker explains the economic terms of the competition. The payoff from sending spam is very, very low -- but the cost is even smaller than that. Felten explains:

The per-message payoff is probably decreasing as spammers are forced to new payoff strategies (e.g., switching from selling bogus "medical" products to penny-stock manipulation). But their cost to send a message is also dropping as they start to use other people's computers (without paying) and those computers get more and more capable. Right now the cost is dropping faster, so spam is increasing.

From the good guys' perspective, the cost of spam filtering is increasing. Organizations are buying new spam-filtering services and deploying more computers to run them. The switch to image-based spam will force filters to use image analysis, which chews up a lot more computing power than the current textual analysis. And the increased volume of spam will make things even worse. Just as the good guys are trying to raise the spammers' costs, the spammers' tactics are raising the good guys' costs.

I don't see a good outcome for this. Fighting technology-based social problems requires technology and laws. We have the technology, but it's getting less effective. And we don't have the law on our side. The three-year-old CAN-SPAM law is toothless (something spamfighters were saying from the very beginning, and they were ignored). And even if the U.S. government suddenly, miraculously found the will to pass an anti-spam law with teeth, much spam is coming from countries in Europe, Latin America, and Africa, where the U.S. has no jurisdiction or political leverage. This problem isn't going away, or even getting better, anytime soon.
