This article can also be found in the Premium Editorial Download "Information Security magazine: Five crucial virtualization do's and don'ts."
Download it now to read this article plus other related content.
Spam hasn't been "solved"; in fact, the scourge has grown worse as attackers continually trump counter-measures and refine their focus on high-value targets.
As with any conflict, it's instructive to understand how and why it started, how it is being fought and what we can expect.
Spam started primarily as a marketing vehicle. Sending email to harvested lists was the most cost-effective way to get a message out; a very small percentage of responses to these mass mailings was enough to turn a profit.
It wasn't long before spam was used to carry malicious payloads. Ranging from Melissa, I Love You and MyDoom to the most recent scourge, Storm, the email attack is here to stay. The reason is pretty obvious: the attack mechanism remains as profitable as ever.
Sophisticated spammers bring traditional direct marketing tactics to the table, innovating with new campaigns, tracking responses and refining the programs. The rise of PDF spam at the end of 2006 is a great example. PDF spam, designed to evade detection by email security tools, disappeared as quickly as it appeared because it didn't get
| the same response rates as other techniques.
So we've seen the bad guys return their focus to more traditional methods like plain text and HTML formatted messages, according to Mark Sunner, chief security analyst of email security service provider MessageLabs. They still continue to try new ways to more effectively monetize PDF spam, tuning the offers and subject lines to increase response.
It's a multibillion-dollar business and growing rapidly, so it's no surprise that organized crime is involved, investing heavily in networks that focus on stealing identities and monetizing those identities over time.
The battle escalated as the bad guys started to morph their messages by adding random strings and text that would thwart signature detection. Security researchers countered by developing Bayesian filters and other heuristic detection techniques to more effectively catch this frequently changing spam. Fast forward a year or two to 2003-04: All of these techniques were optimized into a spam "cocktail," which determined the relative weighting of these detection mechanisms to maximize effectiveness.
In 2005, reputation-based detection was born, as antispam vendors realized you could determine the likelihood of a sender's intent based on IP address. Known spammers were quickly blocked, and it became a lot harder to get a message into the inbox.
Now, the bad guys increasingly use bots to obscure their true identities and intentions. Since the bot is anonymous and tends not to have a "bad reputation," bots are very effective for a short period of time.
This was first published in June 2008