honoluluadvertiser.com

The Honolulu Advertiser
Posted on: Tuesday, November 28, 2006

Spam dividing and multiplying

By Jon Swartz
USA Today

SAN FRANCISCO — Baskin-Robbins isn't the only one with plenty of flavors.

A wide palette of spam and an increase in "bot" networks that deliver them have created a record crush of unsolicited commercial e-mail this year.

An estimated 62 billion spam messages per day choked e-mail systems in October — twice the volume of October 2005 — says security firm IronPort Systems.

"There are an infinite number of variations of spam," says Scott Petry, founder and chief technology officer at anti-spam manager Postini. "The only limit is the imagination of spammers."

The surge is a blow to anti-spam forces, who saw a leveling off of unsolicited commercial e-mail in 2005 and hoped for a long-term decline.

"It is rocketing," says John Thielens, chief technology officer at security firm Tumbleweed Communications. "It is less costly to launch an attack because of the widespread availability of bot nets, and there are real economic returns for phishing-related spam."

Spammers increasingly are using massive networks of hijacked computers, called bots, to deliver their messages. Postini tracked more than 1 million bots carrying spam per day — more than twice what it was a year ago. IronPort Systems estimates more than 80 percent of spam is sent via a bot net.

Different flavors of spam:

  • Image-based. Hackers use techniques such as arranging as many as 25 tiny images into a message within an e-mail, or using animated attachments, to bypass optical character-recognition technology and avoid detection by e-mail security systems.

    Such messages make up 36 percent of all spam, compared with less than 5 percent in 2005, Tumbleweed says.

    "Image spam is the most common form of spam getting past spam filters," says Terry Myerson, general manager of Microsoft Exchange Server, which is toughening anti-spam tools for Exchange Server 2007.

  • Gibberish. Nonsensical, random words are designed to confound anti-spam filters that examine incoming e-mail for words often associated with spam. Slipping in words normally used in valid e-mail is also intended to contaminate spam-filter checklists, forcing them to mark e-mails with common words as spam, says Amir Orad, vice president of consumer marketing at RSA, the security division of EMC.

  • Phishing spam. Federal officials warn of new fake e-mail that purportedly comes from the Social Security Administration, demanding financial and credit card information.

    The e-mails contain the subject line "Cost-of-Living for 2007 update" and the following message: "NOTE: We now need you to update your personal information. If this is not completed by November 11, 2006, we will be forced to suspend your account indefinitely."