Spam Fight Escalates

Computerworld - Computer security analysts who fight spam face the same thankless task as goalkeepers: They don’t get much credit for the unsolicited e-mail they stop, only demerits for the ones that get through. But those few messages that wriggle past increasingly sophisticated filters constitute the greatest threats on the Internet. The sheer volume of spam threatens to bring the Internet to a crisis point. The amount of all e-mail traffic that is spam has recently risen to 85%, according to the Messaging Anti-Abuse Work Group in San Francisco.

“We see spam just going up to the point where Internet servers start having difficulty,” says Steven Linford, CEO of The Spamhaus Project Ltd., a London-based nonprofit that generates a list of spam sources that organizations can use to block spam.

“Spam will tend to increase to where it will be 99% of all e-mail on the Internet,” he says. “At that point, governments will start to take notice.”

Antispam software usually aims to filter out 98% of bad messages — any higher level of filtering tends to snag real messages.

So spammers are aiming for the 2% window, and in the past few months, they have even honed new methods to hit the in-box bull’s-eye, experts say.

Sophos PLC, one of many vendors of antispam software, has analysts at its SophosLabs facilities in Abingdon, England; Vancouver, British Columbia; Boston; and Sydney, Australia, watching the Internet around the clock for threatening spam and malicious software.

The Sophos lab in Abingdon doesn’t look much different from any other office. But it’s mission control for security analysts with special rules: No computers or electronic equipment can be brought inside, and the room remains locked.

Sophos catches spam in “traps” — abandoned e-mail addresses and domains that have been donated for the purpose of research. Messages sent to those addresses are invariably spam. Sophos catches hundreds of new malware and spam samples each day; many can be stopped immediately if the samples show characteristics that are similar to known problem code.

New, unique spam messages are prioritized and doled out to researchers for inspection. Spam does leave a trail, albeit one that’s often a confusing series of hops between servers around the world. After following the trail, Sophos updates its software to block the spam source.

“We’re unusual in the respect that we like to receive spam,” said Mark Harris, global director of SophosLabs.

On a recent day, a