Spam, spam, spam, spam (and big brothers)

Buy today's 1T B10gvvatch, in which we discover new spamming techniques. Not to mention big brother (in more ways than one)...

Bob Sullivan got people talking:

Spam is back, and worse than ever. If you feel like your inbox is suddenly overrun with spam again, you are right. Not long ago, there seemed hope that spam had passed its prime ... it now appears spammers had simply gone back to the drawing board ... In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now.


There are 62 billion spam messages sent every day, IronPort says ... spam accounts for three of every four e-mails sent, according to another anti-spam firm, MessageLabs ... stock spamming has the ability to send share prices of penny stocks soaring [according to] Sophos.


Spammers continually refine and combine their techniques ... Symantec ... recently found spam attached to legitimate newsletters that appear to be from big companies, including a Viagra ad atop a 1-800-Flowers e-mail newsletter and another on an NFL fantasy league letter. Such e-mails are simply spam masquerading as authentic, with real content borrowed from legitimate companies.

Your humble blogwatcher takes a closer look:

Spammers [are] sending messages that look like legitimate newsletters. Nasty ... There's no suggestion that the spammers have broken into the sending systems used by these brands. They just seem to be cloning legitimate content and modifying it. In the same way that phishers modify a bank's legitimate transactional messages to link to their own site, these spammers are taking copies of legitimate newsletters and tweaking them to include their spamvertisements.

But why go to all that trouble? The idea is to take advantage of people's abhorrence of false positives. Spam filters will be carefully programmed, trained, or whitelisted to let legitimate newsletters through. If a spammer can make their spam look like one of these newsletters -- especially a widely-read newsletter -- they can get through the filter and in front of the user's eyes. [click through for a screenshot of an example]

Wesley Fryer wonders why people are so stupid:

The sheer quantity of spam is overwhelming ... It is sad that the closing paragraph title of the article is even necessary: ‘Never invest based on spam.’ You would think most people would be more critical consumers of information (including email) than to fall for email spam encouraging stock investing, but apparently not; otherwise a large percentage of spammers (according to the same article) would be out of business.

Surpass Hosting's Kayla Fleming has the service-provider perspective:

[We] must do their part to outsmart the spammers and scammers, and to help Internet users understand the "why and how" of it all. Most of us are already doing a superb job, but there are some serious problems lingering out there without answers.

Have you ever noticed that Verizon houses nearly 100 ROKSO spammers? Verizon's Spamhaus records go back to 2002 with the help of leftover MCI listings. Why are they allowing these organizations to operate freely in their turf? This is what I am trying to find out. To know that larger corporations are not doing their part is disappointing as we work so diligently on the sidelines.

Vladimir Ivashchenko adds:

Most spam is sent from PCs infected by trojans. Actually, it is relatively easy for an ISP to prevent this type of spam from being sent from its customers. Over here at PrimeTel we do not allow home users to connect to third-party SMTP servers by default, and we developed an add-on to the mail server so that any IP address which has sent more than a threshold number of emails during the past hour is blocked automatically.

However, your humble blogwatcher warns:

Increasing numbers of ISPs block the outbound SMTP port 25, requiring all outbound email to go through the ISP's official MTA, using SMTP authentication. However, ISPs that have implemented port 25 blocking shouldn't rest on their laurels. The basic problem with port 25 blocking is the ability of botnets to subvert it. Once a PC is compromised, there's nothing to stop the virus from submitting spam to the official ISP MTA, using credentials stolen from the Windows registry or keyboard monitoring.

While port 25 blocking is useful if an ISP's only defense is outbound spam filtering, ISPs should do so much more. For example:
  • Cooperating with reputation services that list IP ranges that have no business sending unauthenticated-direct-to-MX, such as Spamhaus's new PBL
  • Recording the volumes of outbound port 25 traffic -- a sharp increase from the historical trend can indicate infection
  • Monitoring blocked attempts to use port 25 to outside MTAs -- another indication of infection
  • Disrupting botnet command and control messages
  • Moving infected PCs into a "walled garden", which prevents them from sending email, surfing the Web, or using other Internet applications until the problem has been cleaned up
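Two of the ideas above (Ivashchenko's per-IP hourly threshold on submissions to the ISP MTA, and the suggestion to count blocked attempts to reach outside MTAs on port 25) are straightforward to turn into a detector. The following is an added example written for this post; it is not PrimeTel's add-on nor anything from the quoted authors. The log format (`kind=submit` / `kind=block` records with `src` and `dst` fields), the sample lines, the threshold of 4 messages per trailing hour and the "2 distinct foreign MXs" cut-off are all assumptions made for the illustration.

```python
"""
Outbound-mail abuse heuristics for an ISP MTA / edge firewall.

Added example for this post (not code from PrimeTel or the quoted authors).
The log format, field names and thresholds are assumptions chosen for the
illustration; adapt parse_line() to your own MTA/firewall logs.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic). Two record kinds:
#   submit - a message accepted by the ISP's own MTA from a customer IP
#   block  - an outbound connection to TCP/25 on a foreign host, dropped
#            by the port-25 block
SAMPLE_LOG = """\
2007-02-08T09:58:10 kind=submit src=10.0.0.5
2007-02-08T10:00:01 kind=submit src=10.0.0.5
2007-02-08T10:00:02 kind=submit src=10.0.0.5
2007-02-08T10:00:03 kind=submit src=10.0.0.5
2007-02-08T10:00:04 kind=submit src=10.0.0.5
2007-02-08T10:05:00 kind=submit src=10.0.0.9
2007-02-08T10:12:30 kind=block src=10.0.0.9 dst=203.0.113.7:25
2007-02-08T10:12:31 kind=block src=10.0.0.9 dst=203.0.113.8:25
2007-02-08T10:12:32 kind=block src=10.0.0.9 dst=198.51.100.2:25
2007-02-08T11:30:00 kind=submit src=10.0.0.5
2007-02-08T11:30:05 kind=block src=10.0.0.22 dst=203.0.113.9:25
"""


def parse_line(line):
    """'<iso-timestamp> k=v k=v ...' -> dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def over_threshold(events, threshold, window=timedelta(hours=1)):
    """Return {ip: timestamp} for IPs that submitted more than `threshold`
    messages within any trailing `window`; the timestamp is the first
    submission at which the limit was exceeded (a sliding window, not a
    calendar hour, so a burst straddling the hour boundary is still caught)."""
    recent = defaultdict(deque)  # per-IP timestamps inside the window
    tripped = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("kind") != "submit":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] >= window:  # expire old timestamps
            q.popleft()
        if len(q) > threshold and ev["src"] not in tripped:
            tripped[ev["src"]] = ev["ts"]
    return tripped


def blocked_direct_to_mx(events, min_hosts=2):
    """IPs whose blocked port-25 attempts reached at least `min_hosts`
    distinct foreign destinations. One blocked attempt is often a
    misconfigured mail client; many distinct destinations look like a
    bot spraying remote MXs."""
    targets = defaultdict(set)
    for ev in events:
        if ev.get("kind") == "block" and ev.get("dst", "").endswith(":25"):
            targets[ev["src"]].add(ev["dst"])
    return {ip: len(d) for ip, d in targets.items() if len(d) >= min_hosts}


def quarantine_candidates(events, threshold=4, min_hosts=2):
    """Union of both signals: the set of customer IPs a 'walled garden'
    policy would cut off until the machine is cleaned."""
    return set(over_threshold(events, threshold)) | set(
        blocked_direct_to_mx(events, min_hosts))


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("rate-limit trips:", over_threshold(evs, 4))
    print("MX spraying:", blocked_direct_to_mx(evs))
    print("walled garden:", sorted(quarantine_candidates(evs)))
```

On the sample data, 10.0.0.5 trips the rate limit (five submissions inside one trailing hour, the first at 09:58 and the rest just after 10:00, which a per-calendar-hour counter would split and miss), 10.0.0.9 is flagged for hammering three different foreign MXs on port 25, and 10.0.0.22's single blocked connection is left alone. In production the thresholds would be tuned against the historical per-customer volume the list above recommends recording, and a trip would feed the walled-garden step rather than just a printout.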

Nick Knisely advises wisely:

For what it's worth, if you ... plan on sending email out to folks ... and you'd like to reliably get mail from other people, get yourself a reliable email hosting company. Don't rely on the free email accounts that come with your DSL, Cable or dial-up internet account.

I use FastMail for my personal mail and Tuffmail for the Cathedral mail. (I like FastMail a lot, but it's not set up at the moment to handle multiple users on one bill.) There are lots of others out there as well. One of the better free ones is GMail - especially their Google Apps for Your Domain program that provides hosting, email and document sharing for free. (As long as you trust Google to not lose your account (which happens) and to protect your and your parishioners' privacy.)

Trust Warner Crocker to come up with the final, ultimate solution:

We should pass a law to have some sort of violent, vicious, capital punishment for spammers. Actually, I think we should do this for the idiots who keep clicking on the stuff that makes the whole enterprise viable.

And finally... 1984 comic book [hat tip: Boing Boing] Bonus link: Shilpa gets a bindi [in case you're following the madness that is Celebrity Big Brother UK]

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20-year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at Bloody vikings.

Copyright © 2007 IDG Communications, Inc.