March the 'spammiest' month, warns McAfee

CIOL Bureau

BANGALORE, INDIA: Spammers continue to divide their Internet resources. International spam campaigns generally send the same type of email to everyone.

Partitioning Botnets

Pill spam and Rolex-watch spam campaigns usually have a distinct internal email structure that allows them to be grouped together.

Not every spam-originating IP address will send to everyone in the world, but the images and URLs that are used in those spam messages tend to be the same across domains and countries.

In February we observed spam campaigns that began to further partition their resources. Selected companies received spam messages whose HTML content contained one of hundreds of Chinese URLs that forwarded the browser to a hosted commerce website; meanwhile other companies received the same message and the same content but their URL list was limited to only a few dozen compromised web servers. Other extremely large companies didn’t see any evidence of those spam campaigns.

This partitioning seems to go beyond the trend of producing more local-language spam and exhibits behaviour that appears both to protect the botnets from suffering a single point of failure and to probe the limits of spam researchers and vet their email lists. Blacklist systems that rely on honey-pot spam addresses to gather data may be weakened, as may systems that require a certain threshold or signature distribution to trigger.

Hosting companies that allow internal sites to be compromised tend to spread around the pain. Not only do the reputations of the host and the hacked sites suffer, but unmolested businesses and individuals who share those Internet resources can also be hurt. The need to preserve one’s web reputation reinforces the need for both a historical and a real-time threat intelligence perspective when choosing an ISP.

Keeping a ‘Watch’ on Holiday Spammers

On Valentine’s Day you might have been looking for a gift for that special someone, and spammers were looking for you to buy it from them.

This year replica-watch spam took over the number one spot for most persistent holiday spam. And not only was it number one, there were also days when replica-watch spam was greater than the amount of Delivery Status Notification bounce backs, briefly peaking at more than 20 percent of global volume. This is a difficult feat to achieve because it requires a spam campaign to be both large and accurate. After all, if a spammer’s email list is not accurate, then more bounce backs are likely to be seen in the wild.

Another surprising event shown in Figure 1 is the decrease in pill spam, which is usually a staple of any spam diet and something that we would expect to be particularly popular at this time of the year.

The spam strains are varieties we see commonly throughout the year; we considered them to be “associated” with gift-giving and love but not distinct enough to count as “Valentine’s Day” spam. Although we expected to see specific strains of spam pop up often for the Valentine’s holiday, we were disappointed. Valentine’s Day e-card spam was insignificant compared with what we saw during the Christmas or Thanksgiving holidays. Much of the e-card spam we did see still referenced Christmas and when a significant strain of Valentine’s greetings finally appeared, February 14 had already passed.

Still With Us After All These Years

Fighting the spam battle seems like a never-ending struggle. In this war, we’ve heard leaders such as Microsoft’s Bill Gates exclaim in 2004, “Two years from now spam will be solved.”1 We’ve also seen U.S. federal legislation designed to stop all spam in its tracks (the CAN-SPAM Act of 2003). Roughly every four to six months for the past five years, someone has gone out on a limb to declare to the world that spam is dead, or at least would be dead soon. And the miracle cure each of those times?

Some new technology that returns a binary decision on ham or spam: Our technological enlightenment would lead us out of the darkness and into a brave new world of inexpensive business communications.

This view suffers from the same basic fallacy that seems to always accompany the developer of a new technology—a tendency to exaggerate the advantages of the new thing. Bronze swords beat pointed sticks and almost never need sharpening, desktop computers will never need more than 640KB of RAM, and spam is about to be solved.

A general rule for all things technology related is that nothing ever really ends; it only gets eclipsed by the next thing. People who think that DomainKeys Identified Mail will solve all phishing have forgotten Sender Policy Framework. Before that we were about to be saved by Reverse DNS Lookup.

All of these technologies designed to combat spam or fix email suffered from the same lifecycle: At first not enough people used them because they were too hard, then half the people implemented them incorrectly, and finally the technologies were circumvented by the spammers or misapplied in so many ways that the original purpose was too fuzzy to recall.

The cycle will end only when people stop being creative or stop challenging themselves to think on the next meta-level of pattern recognition. That will occur when spam stops being profitable, which will occur soon after advertising stops working on people. Which, of course, will never happen.

For more than a decade businesses have been able to protect their SMTP servers with heavy security, authentication, and known-senders lists, yet the problem remains that a company needs to communicate with new clients and partners. So a lock-down is not a complete solution.

Researchers must constantly anticipate the next step in Internet evolution to stay one step ahead of malware developers. Reputation-based service is one way in which organizations can keep ahead of the spammers because it does not depend on techniques that spammers use. Each new security tool represents an exponential improvement in our ability to stop spammers and triggers a reaction from them that creates a new balance. Spam will keep us company for a long time to come.

Productivity Loss One Measure of Spam’s Cost

When someone says “spam has reached chart-topping levels,” what does it mean? If spam really is at record-breaking levels, should you care? What does it mean to you or your business?

We see spam all the time; we’ve adapted to it, become numb to the barrage. To most of us it is an unwelcome interruption in the day, to others it is a distraction from the tedium of work. Whatever spam is, it took a little piece of your time, insignificantly whisking into the background the drone of issues that you or someone else should worry about.

If you have 1,000 workers earning $30 per hour, your company will suffer $182,500 per year in lost productivity. This works out to more than $41,000 per 1 percent of spam allowed into a company. The best spam-filtering accuracy available today is around 99.5 percent, which translates to a savings of around $185,000 per year, for example, when compared with a solution that offers a 95 percent spam-detection rate.

 

March Spam Tsunami Forecast

History tells us that the ratio of peak March spam volume to the average February spam volume is increasing year after year. In fact, over the past few years, March has seen the biggest increase in spam during the first two quarters, with an average increase of around 10 percent to 15 percent in spam volumes as compared with February volumes. This year the impact on your email infrastructure might be even worse, as the current volumes are lower than usual because of the McColo shutdown; yet the volume is quickly catching up.

As we discussed in the prior section, the cost in lost productivity per day per user is $0.50, based on the user’s having to deal with two spam messages each day and the user’s spam filter working at 95 percent accuracy. For the month of March, that would give us 31 days times $0.50, for a total of $15.50 per user.

A spam traffic increase of 20 percent in March would cost an extra $3.10 per user ($15.50 times 20 percent) while the user read and deleted spam instead of doing work. For a 1,000-user organization, that would cost the company an extra $3,100 for the month of March alone. This suggests that in March you will spend a dollar amount equivalent to three times the number of users in your organization just reading and sorting through the spam surge.

We’re not talking about viruses or malware or their cleanup, we’re talking only about the cost of indiscriminate scams, snake oil salesmen, and gutter pornography. Nor are we talking about the costs of storing spam or keeping records of it in the event of a corporate audit; those hard drives are filling up with clutter. Most small businesses don’t pay per kilobyte of bandwidth, nor do they find themselves laden with auditing requirements.

We’re also not taking into account the likelihood that individuals who get more spam have probably been employed longer, and likely have a higher average pay rate.

For the business world, spam is a distraction, and all distractions cost money. Ever-increasing volumes of spam batter us like waves, with some approaching tsunami proportions; these “storms” require vigilance and an escalation of the barriers to limit the distractions they cause.