RealTime IT News

IDC: Spam To Rocket Past Legit E-Mail This Year

A new report by IDC says that spam could surpass legitimate e-mail in terms of volume this year as unsolicited e-mail continues to explode and e-mail falls out of favor as a means of communication.

Text messaging and voice over IP (VoIP)  calling, especially among younger consumers and workers, are becoming the communications means of choice. IDC estimates that the size of business e-mail volumes sent annually worldwide in 2007 will approach 5 exabytes , nearly doubling the amount over the past two years.

IDC predicts that nearly 97 billion e-mails will be sent daily worldwide in 2007, over 40 billion of which will be spam. Places like China, eastern Europe, and Israel high percentages disproportionate to their populations, but there's also a large amount coming from North America, according to Mark Levitt, vice president for collaborative computing, enterprise workplace at IDC.

There has been a significant upswing in spam getting through since late last year, Levitt said, and the reason is two-fold: image-based spam, which is hard to impossible to detect by keyword filters, and increasing e-mail volume.

"Even if you get 95 percent of the spam with filters, if you double the output, that's double the amount getting through," he told internetnews.com.

It's certainly not getting any better. Panda Software reported that 87.5 percent of all e-mail scanned by TrustLayer Mail, its managed server for e-mail filtering, in March was spam.

The latest outbreak is a whopper. It's a variant of the "Storm Trojan" worm, which installs a rootkit, disables security software, and installs both a keylogger and a bot .

It arrives with subject lines such as "Worm Alert!," "Worm Detected," "Spyware Detected!," or "Virus Activity Detected!" Attached is a ZIP file that purports to be the fix, when it's actually the payload.

And therein lies the main problem with spam: there are still too many naïve computer users who open them, click on links or respond to the offers.

"The average user is unknowingly complicit in the issue and there is no clear delineation of authority over who can remediate it," said Adam O'Donnell, senior research scientist at Cloudmark, developer of spam filtering software.

Spam is a business, and the spammers keep doing it because people keep falling for scams like penny stocks or clicking on links to install key loggers. "If the market disappears for the products being pushed in spam, if spammers stop making money, then spammers will disappear," said O'Donnell.

Levitt said people get suckered into opening up spam fairly easily.

"Even by opening a spam you are confirming the e-mail address, you are potentially infecting your system, and unfortunately, too many people respond with info about themselves. They think if they just give their name that's safe, and it's not. It's not only monetary transfers that keeps spammers going. It's the valid e-mail address they can sell or info that can be used for identity theft," he said.

In the 1990s, spammers like Sanford Wallace were easy to track down, but today, most of the spamming is done by botnets . Those botnets are on compromised computers, more often than not home users than corporate systems.

Spamhaus, which tracks spammers, lists Verizon as the worst offending network for spam, and AT&T as the third-worst.

"Spammers have taken the lessons of distributed computing and applied them to how to distribute their content," said O'Donnell. "They've built these large botnets of compromised systems to send out their spam. If the person is only sending out a couple messages a day they would never know."

Thus far, spam remains a nuisance for companies at large and has not brought down anyone's mail servers, according to Levitt. "I'm not aware of any company saying they won't use e-mail anymore because of spam. Most e-mails received by users are legit and most spams are blocked. So e-mail is still an efficient tool," he said.