The tide of unwanted email is rising as spammers find new ways to dodge filtering systems, experts say.
A study released in November 2006 by email filtering firm Postini, based in California, US, found that spam now accounts for 91% of all email and that over the past 12 months the daily volume of spam has risen by 120%.
A separate report, from IronPort Systems, also in California, concludes that worldwide spam volumes increased from 31 billion messages daily in October 2005 to 61 billion messages daily in October 2006.
Advertisement
Security experts cite two key reasons for this surge, which comes after a brief respite. Firstly, spammers are using ever larger networks of hijacked computers, known as 鈥渂otnets鈥, to send out junk messages. According to Postini, more than one million botnet computers are currently capable of sending spam, with 50,000 or more active at any one time.
Secondly, spammers are using more sophisticated techniques to dodge filtering systems, most notably the use of 鈥渋mage spam鈥 鈥 messages contained in images designed to foil text-based filters (see Inboxes drowning in image spam).
State of siege
鈥淭his dramatic rise in spam attacks on corporate networks has the internet under a state of siege,鈥 said Daniel Druker of Postini. 鈥淪pammers are increasingly aggressive and sophisticated in their techniques, and protection from spam has become a front-burner issue again.鈥
Image spam reached a new high in October 2006, accounting for 25% of all spam. This is an increase of 421% in a year, according to IronPort.
Paul Judge, chief technology officer of Secure Computing, another California-based computer security firm, says even filters that use optical recognition have become less effective against this newest form of spam: 鈥淪pammers are using advanced graphical techniques, like random modification of image pixels and dynamic construction of images from multiple components, to bypass spam filtering tools.鈥
Spammers can reap profits from junk email in a variety of ways. Messages may simply advertise a product, such as Viagra, or they may include links to fraudulent 鈥減hishing鈥 sites designed to steal financial information or passwords from users. Some spam may also include an attachment capable of infecting a computer, providing yet another outlet for more spam.
Stock attack
Another major type of spam aims to rapidly increasing sales of stocks in a particular company. 鈥淭he creator of these messages has bought these stocks for cheap and aims to make a quick profit by pushing the value up,鈥 said Luis Corrons, director of PandaLabs, a security firm with headquarters in Bilbao, Spain.
鈥淭he greatest danger in these types of attacks is that, just as they can push prices up a bit, they can also cause them to drop. This could become a dangerous tool if used, say, as a weapon against a group of investors or a specific company.鈥
The latest spam figures have dashed hopes for a victory in the battle against unwanted email. A 2003 US law known as the CAN-SPAM Act, which increases penalties for spammers, has only had a limited impact. A claim by Microsoft chairman Bill Gates in 2004 that spam would be 鈥渦nder control within two years鈥 has also proven inaccurate.
McAfee of California, US, says some spammers now use 鈥渋sland-hopping鈥 鈥 directing messages from domain names belonging to small islands 鈥 as these are harder for filters to process. McAfee traced recent spam activity to the Isle of Man and the tiny tropical island of Tokelau in the South Pacific. Other island domains that it says are being used include those of Tuvalu, Tonga, and Sao Tome and Principe.
鈥淭his new trend is another example of spammers鈥 relentless quest to spread their abuse far and wide,鈥 says McAfee researcher Guy Roberts.