Yep… the level of spam is getting worse!
According to online message management company Postini, the amount of unsolicited e-mail spam has risen by 73% in the past three months. These figures really don’t surprise me at all!
As many of you are well aware we also own a small Web hosting business, upon which many of our customers entrust their e-mail services. All accounts come equipped with the ever reliable MailScanner software, which up until recent times has done a remarkably good job at filtering out most of the unsolicited e-mail. This has changed over the past few months, where we have seen a steady increase in the amount of complaints from customers about the amount of spam that they are receiving into their inbox.
So what has changed these past few months?
There are many online experts who believe that the level of spam has not increased so much as the sophistication. In a recent article, Brian Livingston states research from London-based analyst Richie Jennings that mentions that “naive commentators wrongly issued him that a doubling of spam in the inbox equals a doubling of spam on the Internet.”
His research indicates that spam has increased up to 20% in the past three months. However the real interesting aspect is that they have seen a 100% increase in the amount of spam that is being delivered to people’s inboxes.
He also mentions that this increase in delivery is due in part to the spam messages ability to use images to convey content rather than traditional text e-mail based messages. These image-based e-mails are proving to be very successful in their ability to bypass traditional spam filters such as MailScanner.
Just who is sending this spam?
A lot of the problem has also been attributed to a group of Russian hackers that are using a Trojan named “SpamThru” which is reported to have hijacked over 70,000 computers. This particular botnet is showing a new level of sophistication and is theoretically capable of sending a billion spam e-mails per day.
Security analyst for SecureWorks John Stewart found that SpamThru was a complex operation with a data base hacking component that signalled the ability of the spammers to target their “pump and dump” scams with victims associated with financial institutions. According to Stewart, about 20 small investment and financial news sites have been breached with the express purpose of obtaining user information to target with their “penny stock scams”.
“They’re breaking into sites that are somewhat related to the stock market and stealing e-mail addresses from those databases. The thinking is, if they get an e-mail address for someone reading stock market and investment news, that’s a perfect target for these penny stock scams,” Stewart said in an interview with eWeek.
Can anything be done to stop this?
From a technical point of view, I’m sure that there are many companies working on solutions to these type of issues, but the real problem lies in that the antispam/antivirus/antispyware/antimalware vendors are always one step behind the spammers and hackers and are forever playing catch up.
There are those that also believe that the ISPs also shoulder part of the blame in that they should be blocking all unauthorised traffic on port 25 which is used by computers to send e-mail. David Hart believes that any port 25 traffic not destined for an ISPs own mail server and accompanied with an authorised username and password should be rejected.
A lot of blame should also be dumped upon most Gulf overnments around the world that have very weak spam laws and should be looking to shut down and deter spammers with extremely harsh penalties.
From an Internet user perspective the best thing that anyone can do is not purchase any of the crap that these guys are trying to sell. If we don’t buy anything surely they won’t have any money to fund their projects and pony for the bandwidth they use.
