The Deadly Duo: Spam and Viruses, May 2004

A small nugget of good news lies buried among the mountains of unsolicited commercial e-mail: the spam volume held steady from April to May, according to two leading e-mail processing firms. Brightmail’s Probe Network found that spam leveled at 64 percent, while Postini measured the monthly volume unchanged at 78 percent.

According to Brightmail’s assessments, the last time the spam volume was unchanged was August 2003 when it maintained a 50 percent level.

But Internet users shouldn’t be optimistic, and Andrew Lochart, director of product marketing for Postini, notes that the plateau is not indicative of an imminent decline in spam volume. Lochart comments on the chief factor for the unchanged volume: “There is a built-in leveling when spam is reaching this rate, because it can’t grow as fast anymore.” Lochart adds, “Month-to-month measurement is not enough for us to claim victory and expect to see a decline.”

While the volume may have temporarily stalled, the distribution of spam among certain categories has changed. Brightmail measured a slight increase in the amount of adult-related spam, indicating that spammers were not deterred by the new rule from the Federal Trade Commission (FTC) ordering sexually oriented unsolicited e-mail to be labeled as of May 19. Most of the spam continues to be product-related, with the largest growth in the scam spam category. Brightmail reports that there were 102,517 consumer complaints about Internet scams made to the FTC in 2002, representing a nearly 100 percent increase over 2001.

Where’s all the spam coming from? According to Commtouch, Yahoo.com and the United States are the perfect combination of conduits for spammers. Commtouch’s executive vice president, Avner Amram, explains: “Many mail servers reject incoming e-mail attempts at the start of the receiving session (SMTP) [define], if the receiver of the e-mail message is not recognized on the system. The mail server which Yahoo.com uses doesn’t support this feature in the beginning of the receiving session, but rather at the end of it.”

Lochart maintains that identifying unusual traffic behavior from a particular IP [define] address is the first layer of defense against spam, and through its 400 million SMTP connections every day, 53 percent is blocked before content is evaluated. “Unusual behavior is the red flag. We [Postini] don’t even have to look at your message to know that it is something we don’t want to deal with.”

Despite spammers’ creativity, they have not been successful in modifying IP addresses. “Everything in an e-mail message could be spoofed, but they can’t forge the IP address of the person sending the message. It’s the only thing that is unique,” says Lochart, which leads spammers to turn “Grandma’s” computer into a zombie [define].

Research from Sandvine revealed that up to 80 percent of spam is likely generated from zombie PCs that house spam trojans [define]. Sandvine explains that spam trojans are usually installed by worms or spyware, and they exploit vulnerabilities created by worms in order to bypass normal e-mail routing and drop spam messages directly into end user machines.

Trojans are among the nuisances that Internet users encounter, while viruses are often destructive. Of the 5.7 billion messages Postini processed in May, 107,901,554 were identified with viruses — an increase of 0.3% from April.