Spam Doubles, is this Spam 2.0?

Just read this article on the NYTimes website called Spam Doubles, Finding New Ways to Deliver Itself, and the second paragraph says “Spam is back”, but what I want to know is, when and where did it go that it is now back? Spam hasn’t slowed down at all for me, at least on the accounts that get spam, I still have a couple that are pretty much spam free, so there spammers, stick that in your botnet and smoke it. I have noticed a big spike in image spam, and those are the bad ones as they know you looked at the email because the image has to load. By default, I make sure the displaying of images is turned off, so that does help keep them from knowing whether I opened it our not. Don’t mistake me, I hardly ever open it, but some of the titles make it hard not to, especially if you are using the internet for anything much at all.

You?re not the only one. Spam is back ? in e-mail in-boxes and on everyone?s minds. In the last six months, the problem has gotten measurably worse. Worldwide spam volumes have doubled from last year, according to Ironport, a spam filtering firm, and unsolicited junk mail now accounts for more than 9 of every 10 e-mail messages sent over the Internet.

Much of that flood is made up of a nettlesome new breed of junk e-mail called image spam, in which the words of the advertisement are part of a picture, often fooling traditional spam detectors that look for telltale phrases. Image spam increased fourfold from last year and now represents 25 to 45 percent of all junk e-mail, depending on the day, Ironport says. Source: NYTimes

Nowadays, spammers are using botnets to send spam, so that defeats a couple of the ways anti-spam organizations fought spam, by analyzing the reputation of the sender and it makes using blacklists of known junk emailers kind of useless. It also allows them to send many more spam messages because the spam is coming from thousands of computers and not just a few and they are using someone else’s bandwidth. And by using images instead of text messages, one CTO says they moved spam into their blind spot. They can change each individual email message just a little bit to confuse anti-spam filters that look for the same message over and over, a technique that could instantly thwart spam email in the good old days.

But don?t spammers still have to link to the incriminating Web sites where they sell their disreputable wares? Well, not anymore. Many of the messages in the latest spam wave promote penny stocks ? part of a scheme that antispam researchers call the ?pump and dump.? Spammers buy the inexpensive stock of an obscure company and send out messages hyping it. They sell their shares when the gullible masses respond and snap up the stock. No links to Web sites are needed in the messages.

Though the scam sounds obvious, a joint study by researchers at Purdue University and Oxford University this summer found that spam stock cons work. Enough recipients buy the stock that spammers can make a 5 percent to 6 percent return in two days, the study concluded.

I hadn’t noticed those penny stock emails don’t link to anything, this is ingenious in its sick little way, being able to make a 5 or 6 % return in just two days is probably well worth it for the spammers.

Some antispam veterans are not optimistic about the future of the spam battle. ?As an industry I think we are losing,? Mr. Peterson of Ironport said. ?The bad guys are simply outrunning most of the technology out there today.?

And they will keep winning as long as people still fall for their scams and messages, as long as users click on the links or buy the stock, spam will be here to stay and will probably get worse. It’s sad to say it, but right now education is the key. Once they no longer make money from it, it will peter out and slow down, but that day is a long way away, most users don’t care, don’t understand or just don’t pay attention when you try to teach them good computing practices. What is the solution? Complete revamping of the email system, which is easier said than done.

As a side note, the way spammers are using botnets should show everyone how well large groups of computers can do things together, as evidenced by the Seti project and a few other distributed computer projects.