Beware of Botnets and Other New Kinds of Spam
Businesses appear to be falling behind in the eternal war against spammers. Just when they manage to block one variety of unsolicited junk email to their office inboxes, another variety is developed. Until new technological advances come along, the best they can hope to do is use existing technology to stem the flow or outsource the work to companies that fight spam full time.
In the last year, the amount of spam rose 250 percent over 2005 levels, according to security software firm SonicWall, in Sunnyvale, Calif.
There are two main reasons for this surge: Image spam and botnets.
Making it past spam filters
Botnets, in which a virus takes over a PC and turns it into a spam-sending machine, have helped increase the overall amount of spam. Perpetrators who want to take over other people's computers to send spam first distribute viruses or worms, mostly to Windows PCs. The code also contains a bot, or software robot, that automatically logs onto a server. Spammers access the server and order it to force the PC to send out spam to mail servers.
While botnets are dangerous, some businesses try to block bots from being deployed by using intrusion prevention systems (IPS), either through a hosted service or at the network level. While effective against network-based infections, an IPS offers little defense against infections caused by employees willingly downloading bot payloads deceptively marketed as screen savers or browser toolbars. And once a PC is infected, these systems won’t stop bots from communicating with botnets over the standard HTTP and HTTPS protocols.
Image spam is also proving difficult to combat. Image spam has added to the amount of spam that makes it past spam filters employed by many businesses or Internet providers. Image spam was devised to foil filters looking for words like “Viagra” or “XXX.” When text is presented in a JPEG or PDF, such text-seeking filters are rendered useless.
Image spam has been around for a while, but until 2004 or so most of it was filtered out by software that was looking for “signatures” -- domains, common words or phrases, bulk recipients, etc. -- that were common to emails sent en masse. The spammers came up with “snowflake spam,” in which every image is unique, although they look the same to the naked eye.
Spammers quickly discovered the technique works: In 2005, only 3 percent of spam was image-based. In 2006, that figure rose to 30 percent, according to IronPort Systems, a San Bruno, Calif., gateway security provider.
Patrick Peterson, vice president of technology for IronPort Systems, says signature-based filters don’t work very well anymore. IronPort does do some image-based filtering, like looking for similar background colors, but the technique is far from foolproof and optical character analysis -- the ability to recognize image-based text -- is still way too ineffective.
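Why snowflake spam defeats exact signatures, shown as an added example that is not from the article or from IronPort: two constructed variants of one toy image get different SHA-256 signatures, while a coarse block-average fingerprint still matches them. The fingerprint is a swapped-in illustration of fuzzy image matching, and the images, function names and threshold are all assumptions.

```python
import hashlib
import random

W, H = 32, 16  # constructed toy image size; pixels are grayscale 0-255

def make_base():
    """Constructed stand-in for a spam image: light background, two dark 'text' bars."""
    img = [[230] * W for _ in range(H)]
    for y in (4, 5, 10, 11):
        for x in range(4, 28):
            img[y][x] = 20
    return img

def make_other():
    """Constructed unrelated image: left half dark, right half light."""
    return [[20 if x < W // 2 else 230 for x in range(W)] for _ in range(H)]

def snowflake(img, seed):
    """Per-message variant: tiny random brightness changes a reader cannot see."""
    rng = random.Random(seed)
    return [[min(255, max(0, p + rng.randint(-3, 3))) for p in row] for row in img]

def exact_signature(img):
    """Classic signature: cryptographic hash of the raw pixel bytes."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img, cells=8):
    """Coarse fingerprint: one bit per block, set when the block is brighter than average."""
    bw, bh = W // cells, H // cells
    means = []
    for cy in range(cells):
        for cx in range(cells):
            block = [img[y][x] for y in range(cy * bh, (cy + 1) * bh)
                     for x in range(cx * bw, (cx + 1) * bw)]
            means.append(sum(block) / len(block))
    overall = sum(means) / len(means)
    return [1 if m > overall else 0 for m in means]

def hamming(a, b):
    """Number of fingerprint bits that differ."""
    return sum(x != y for x, y in zip(a, b))

def same_campaign(a, b, max_bits=5):
    """Assumed threshold: treat images within max_bits of each other as one campaign."""
    return hamming(average_hash(a), average_hash(b)) <= max_bits

if __name__ == "__main__":
    a, b = snowflake(make_base(), 1), snowflake(make_base(), 2)
    print("exact signatures equal:", exact_signature(a) == exact_signature(b))
    print("fingerprint distance:", hamming(average_hash(a), average_hash(b)))
    print("unrelated image matched:", same_campaign(a, make_other()))
```

A fingerprint this coarse only survives small pixel-level changes; larger layout or color changes between variants would move it past the threshold.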
How to block the new flavors of spam
Another way to address image spam is to simply block all images unless they are sent from an address that has been pre-selected by the recipient. The downside, of course, is that some legitimate emails will inevitably be lost in the shuffle.
In addition to filtering and blocking, many spam-fighters are focusing on “reputation analysis,” that is, assessing the validity of the recipient based on the incoming email address. Such reputation analysis finds out where the spam is coming from and then creates a blacklist.
Analysts say that while reputation analysis is the most effective way to combat spam right now, it is far from a total solution. The other problem is that, as with image spam blocking, legitimate emails may be blacklisted. “These are small steps,” says Jeanniey Mullen, executive director of email marketing for Ogilvy, the New York ad agency. “I don’t think anyone has the answer yet.”
Arabella Hallawell, research vice president for Gartner Research, of Stamford, Conn., recommends getting an email appliance to limit a system’s exposure to spam and/or outsourcing email management to someone else. Not surprisingly, Peterson agrees with her. “The ante has really gone up,” he says. “In the old days, five to 10 really smart guys could put together a spam solution that’s pretty good. Now we’ve got 30-plus guys working on spam just to stay ahead of what the bad guys are doing.”