For David Hart, monitoring spam is a matter of atonement. The technician, formerly a consultant for a spammer, reformed a couple of years ago and started his own DNS blackhole list -- a list of Internet addresses that have been identified as spam senders. Volunteers at TQM3, including Hart, watch e-mail traffic for likely spammers and constantly update the list, which is then available to systems administrators across the Internet.
"There's a certain amount of guilt," Hart said. "I was wrong, and this is part of making amends for a profound misjudgment on my part."
Recently he's been getting plenty of opportunities to redeem himself, thanks to the "tail" -- a screen on his e-mail server that shows all the IP addresses on the Internet that are being added to his spam list. Normally, the tail twitches along at a steady rate, but lately, activity has exploded.
"It's been scrolling so fast that it's been hard to keep up with it," Hart said. "Since the early summer we have seen a significant increase, and it has been reported elsewhere."
The growth in spam is also showing up at companies such as Postini, which analyses Internet traffic using its filtering system before delivering it to clients.
"We're seeing growth in overall spam in terms of volume and relative percentage," Postini founder Scott Petry said.
The company monitored nearly 70 billion e-mails in September and October, and spam levels soared by 59 percent during that period. The company says that 91 percent of e-mails are now spam.
Why? There is no single cause, say experts, but rather a confluence of unfortunate events. One of the biggest problems is that the main vehicle for spam -- vast networks of home computers infected with malware, known as "botnets" -- has been growing in size.
These botnets have existed for about five years. They are created when worms or Trojan horse programs are used to infect a PC, taking control of it and forcing it to accept commands sent by a central controller.
The commands, traditionally sent via a real-time online chat protocol called Internet Relay Chat (IRC), were initially used to force large numbers of bots to attack a target Web site, flooding it with traffic in a distributed denial of service (DDoS) attack.
DDoS attacks still happen, but bots are increasingly used to send spam e-mails, in effect acting as their own mail servers. In the 1990s, spam was mostly channelled via unprotected e-mail servers online, used to send thousands of unsolicited e-mails anonymously. But then network administrators began locking them down.
Now, spammers send e-mail directly from home machines thanks to botnet operators who program them to become e-mail servers and then sell their processing power and bandwidth. These money-motivated operators are honing their product, warned David Watson, who works on the UK Honeynet project (www.ukhoneynet.org), a non-profit research effort to track spammers' activities.
"Because of the high risk/reward ratio, the major perpetrators are upping their game and producing ever more professional and effective cyber-scams on an almost daily basis," he said.
Today's bots are infected with modular, kit-based software that can easily be upgraded and reconfigured to take advantage of any new vulnerability discovered in Windows; botnets are almost exclusively targeted at Windows PCs.