Home / Editorials
Sun, Nov 12, 2006 - Page 9 News List

Why spam is getting out of control

Noticed a lot more junk in your inbox? Increasingly sophisicated methods are bein gused to pump out millions of unwanted e-mails

By Danny Bradbury  /  THE GUARDIAN , LONDON

The types of spam being sent are also changing, Heron warned.

In particular, spam mail promoting cheap, penny stocks in obscure companies have grown in volume. Called "pump and dump" spam, it works by sending false or outdated "inside information" to large numbers of people urging them to buy the stock, promising a leap in price. The spammers, who have bought the stock cheap, dump it on the market and pocket the difference.

"Pump and dump" spam often uses embedded images, rather than text or HTML links, making it harder to spot, says Cluley, who believes many are being sent from Stration-infected computers.

"We've begun to see that overtaking the traditional spams" that sell performance-enhancement drugs, Heron said. "It must be giving a better return to the spammers."

It is a bad deal for victims, as the www.spamstocktracker.com. Web site illustrates.

block

Hart wishes that ISPs would simply block all unauthorized traffic on port 25, which computers use to send e-mail.

He argues that any port 25 traffic not destined for an ISP's own mail server and accompanied with an authorized user name and password should be rejected. However, neither of the UK's most popular ISPs, BT Retail and NTL, block this port, although they do scan for bot-like activities on their own network.

But if botnet operators continue to send fewer mails from each bot, scanning for telltale activities may become more difficult -- and experts worry that the mails could become more effective.

"Lower-volume target attacks are on the rise," Watson said. "Just like in the legitimate world, better market demographics and more targeted sales techniques can sometimes yield better results, and cyber-criminals understand this."

Building a database of more targeted information about an individual, such as where they work, and sending mail specifically to them will enable spammers to increase their per-spam yield.

The trade-off for more focused spam will be the effort involved in gathering information about their targets, explained Heron.

But just as legitimate markets evolve, so do illegitimate ones, Watson concluded.

"One of the common opinions in the botnet tracking community is that in this particular arms race, the black hats currently have the upper hand," he said.

This story has been viewed 3305 times.
TOP top