Spam is once again on the rise, and this time it’s apparently being fueled by spam vendors that can’t scale. That’s the accusation being leveled by Google, which today revealed some surprising new spam figures.
The fight against spam has increased in traction for Google (NASDAQ: GOOG) with the acquisition of vendor Postini for $625 million last year.
Time of year plays a role in the increased volume of spam seen in July, according to Sundar Raghavan, a product marketing manager with the Google Apps Security & Compliance team
“Historically every summer there is increased activity in terms of spam volume, but the sophistication they are using this time around seems to be more robust,” he told InternetNews.com.
“Between July and August we have started to see a very interesting pattern in term of volume and sophistication of e-mail threats incoming,” Raghavan said. “Around July 20 we started seeing a spoofed UPS tracking e-mail messages going to users. On July 24 saw a peak of 10 million messages.”
The UPS tracking message was a phished e-mail that led its victims to a spoofed page that could have infected users. What makes the new spike in spam noteworthy according to Raghavan is actually the message content.
Though the phished UPS (NYSE: UPS) message had a lot of traffic, more topics in general are being used in phishing messages seen by Google.
“Cross Site Scripting messages have been around for a while, and typically it’s a generic message,” Raghavan said. “This time around they’ve figured out how to harvest the most current titles as bait, and the underlying link is also changing.”
According to Raghavan, the pattern was a common topic linked to one or two servers but massively distributed. “Now we’re seeing multiple topics each one linked to different servers,” he explained.
Raghavan noted that topics for many spam e-mails are being ripped right from CNN headlines. On the sending end, Google engineers are still trying to pinpoint where all the traffic is coming from, but it’s a difficult task. Much of the e-mail is being sent from massive geographically diverse botnets that are constantly changing.
The spike in spam so far this summer has not been driven by any particular holiday or event. Raghavan specifically noted that as far as he was aware the Summer 2008 Olympics in Beijing was not being used on a broad scale as a spamming topic. Other security firms have recently argued otherwise.
Google has also not seen any increase in spamming activity related to the recent disclosure by Dan Kaminsky of security issues with DNS
“We didn’t see any exploits — our security team was on the ball on this [DNS] from the get-go,” Raghavan said.
So what’s driving the spammers then? According to Google, it’s partially due to the failure of spam-detection vendors.
“Whenever we see an unusual spike it’s not always the case that spammers have increased their volume arbitrarily,” Raghavan argued. “It is the case that a few vendors have been ineffective at detecting the links. Once spammers figure that someone is not detecting their technique really well, they pummel the system.”
According to Raghavan, Google doesn’t face a particular technological difficulty in fighting spam. He noted that Google is constantly expanding its heuristics capabilities to automatically detect spam. The other challenge is about meeting the scalability challenges that massive volumes of spam can cause.
“A lot of problems occur because when customers take on these challenges for themselves, whether it’s with an appliance or software, they are setting themselves up for scaling the infrastructure,” Raghavan said.
“At Google this is our bread and butter,” Raghavan said. “If there is one worry I have it’s not if Google can scale, it’s if community at large can scale.”