ITPRO

Printed from www.itpro.co.uk


    Why spam still poses a danger

Users seem to have become accustomed to spam but we cannot rest easy as spammers keep the pressure on to deliver more and more junk in your inbox.

By Ron Condon, 16 Aug 2007 at 16:26

For most of us, spam has ceased to be much of a problem. Our spam filters work fairly well and although we may occasionally see the odd unwanted message, or lose a valid message in the process, we are largely shielded from the bulk of the junk that sloshes around the internet.

But the spammers are not standing still. They are constantly seeking new ways to get through our defences, and it is worth mentioning also that we all pay for the spammers. If they didn't occupy 90 per cent of the email capacity of the internet, we'd all get faster and cheaper service.

But there is little chance of stopping the spammers while their activities continue to be profitable. For virtually no outlay and less risk of getting punished, spammers can afford to churn out millions of messages in the sure knowledge that just a tiny fraction of the recipients need to respond to make it all worthwhile.

In a web survey carried out in February 2007, security company Sophos found that five per cent of people admitted to buying goods sold via spam.

And in August, the share price of a company called Prime Time Group rose steadily within a short period after "pump and dump" spammers went on a concerted email campaign to boost the company's prospects. So spam clearly works, despite our best efforts to contain it.

The prime defences against spam up to now have been to look for keywords - such as "Viagra", or "Penis enlargement" - and block any messages containing them, or to identify the sources of spam and to block all messages coming from those addresses.

The spammers responded by making subtle changes such as "v1agra" to bypass the filters and, by using fast-changing botnets, made it ever harder to keep track of offending machines.
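The keyword filter and the "v1agra" bypass described above can be shown side by side with a filter that normalises text before matching. This is an added example, not code from the article or from any vendor it quotes; the look-alike table and the sample subject lines are constructed assumptions.

```python
import re
import unicodedata

# The two keywords the article names as classic filter terms.
KEYWORDS = ("viagra", "penis enlargement")

# Constructed look-alike table (an assumption, not a real filter's rule set).
LOOKALIKES = str.maketrans("10345@$7", "ioeasast")

def naive_match(text):
    """Plain substring search: the first-generation keyword filter."""
    lowered = text.lower()
    return [k for k in KEYWORDS if k in lowered]

def normalize_tokens(text):
    """Fold accents, map look-alikes, strip separators, keep word boundaries."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    tokens, run = [], ""
    for raw in text.lower().split():
        tok = re.sub(r"[^a-z]", "", raw.translate(LOOKALIKES))
        if len(tok) == 1:
            run += tok          # rejoin letters spaced out as "v i a g r a"
            continue
        if run:
            tokens.append(run)
            run = ""
        if tok:
            tokens.append(tok)
    if run:
        tokens.append(run)
    return tokens

def normalized_match(text):
    """Match keywords on whole normalised words, not raw substrings."""
    joined = " " + " ".join(normalize_tokens(text)) + " "
    return [k for k in KEYWORDS if f" {k} " in joined]

SAMPLES = [  # constructed subject lines; the last one is legitimate mail
    "Cheap Viagra today",
    "Cheap v1agra today",
    "V.I.A.G.R.A now",
    "P3n1s enl4rgement pills",
    "Send it via Graham tomorrow",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} naive={naive_match(s)} normalised={normalized_match(s)}")
```

Matching on whole normalised words rather than on a string with every separator removed is what keeps "via Graham" from being flagged, the kind of lost valid message the article mentions.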

Then last year, in the continuing game of cat and mouse, the spammers came up with a new device, burying their message in a JPG or GIF image. This made the text harder to parse, and also took up more bandwidth and storage on the computer.

Again the anti-spam industry used a mix of signature and reputation lists to spot the unwanted messages, and again the spammers responded by altering a few pixels in the image each time to avoid detection.
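Why a byte-exact signature stops matching once a few pixels change, and how a tolerant fingerprint keeps matching, is sketched below as an added example that is not from the article. Average hashing is a technique the article does not name; the images, the 32x32 size and the 5-bit threshold are constructed assumptions.

```python
import hashlib

SIZE, GRID = 32, 8  # 32x32 grayscale image reduced to an 8x8 fingerprint

def exact_signature(pixels):
    """Byte-exact signature: any changed pixel yields a different digest."""
    return hashlib.sha256(bytes(v for row in pixels for v in row)).hexdigest()

def average_hash(pixels):
    """64-bit hash: one bit per 4x4 block, set if brighter than the mean."""
    step = SIZE // GRID
    blocks = [
        sum(pixels[y][x] for y in range(by * step, (by + 1) * step)
            for x in range(bx * step, (bx + 1) * step)) / step ** 2
        for by in range(GRID) for bx in range(GRID)
    ]
    mean = sum(blocks) / len(blocks)
    return sum(1 << i for i, b in enumerate(blocks) if b > mean)

def hamming(a, b):
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")

def is_known_spam(pixels, known_hashes, max_distance=5):
    """True if the fingerprint is within max_distance bits of a listed image."""
    h = average_hash(pixels)
    return any(hamming(h, k) <= max_distance for k in known_hashes)

# Constructed images: a checkerboard stands in for a listed spam image and a
# gradient for an unrelated picture. No real image data is used.
def checkerboard():
    return [[255 if (x // 4 + y // 4) % 2 == 0 else 0 for x in range(SIZE)]
            for y in range(SIZE)]

def gradient():
    return [[y * 8 for _ in range(SIZE)] for y in range(SIZE)]

def alter_pixels(pixels, coords):
    """Copy of the image with the given (x, y) pixels inverted."""
    out = [row[:] for row in pixels]
    for x, y in coords:
        out[y][x] = 255 - out[y][x]
    return out
```

The distance threshold is the tuning knob: set too loosely it starts matching unrelated images, which is the false-positive cost of any fuzzy signature.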

And so the battle goes on. The latest ploy noted by researchers in recent weeks is to put the message into a PDF or Excel attachment. As Mark Sunner, chief security analyst with MessageLabs, explains: "PDF attachments have rocketed in the last few weeks, and now account for 20 per cent of all image spam. PDF is seen as a more trusted file format, and also looks more professional. Using Adobe Acrobat, the hackers can also crank up the security options, which makes it hard for the anti-spam software to parse the contents."

He says that the tactics of some spammers are also changing, with some of them doing shorter runs that will keep them below the radar of the anti-spam engines. "The bad guys know that most filters rely on honeypots, and there is a window of time before a bogus account [in the honeypot] receives something it shouldn't," he says. "We have seen the window of spam runs coming down to short blasts of as little as 11 minutes. This would appear to be an attempt to get under the radar."

The junk mail aspect of spam is just one side of the problem, though. If someone is just trying to sell you something you don't want, you can delete the message and move on.

But the more serious side is that the spammers are constantly looking for more machines to infect. If they can get a trojan downloaded on to your machine, it then falls under their control and can be used for a variety of purposes. It may become another new node in a botnet, being used to spew out more mail to other targets. Or the hackers may decide to spy on what you do to gather details of your bank accounts, credit cards or other private information.
