Spam Blockers Losing Ground on Sophisticated Attackers


This article can also be found in the Premium Editorial Download "Information Security magazine: Five crucial virtualization do's and don'ts."

Download it now to read this article plus other related content.

Spam hasn't been "solved"; in fact, the scourge has grown worse as attackers continually trump counter-measures and refine their focus on high-value targets.

The war against spam has not come to a swift and just conclusion. Ever since Bill Gates' proclamation in 2004 that spam will be "solved" within two years, the problem has gotten worse, with no light at the end of the tunnel.

As with any conflict, it's instructive to understand how and why it started, how it is being fought and what we can expect.

Spam started primarily as a marketing vehicle. Sending email to harvested lists was the most cost-effective way to get a message out; a very small percentage of responses to these mass mailings was enough to turn a profit.

It wasn't long before spam was used to carry malicious payloads. Ranging from Melissa, I Love You and MyDoom to the most recent scourge, Storm, the email attack is here to stay. The reason is pretty obvious: the attack mechanism remains as profitable as ever.

Sophisticated spammers bring traditional direct marketing tactics to the table, innovating with new campaigns, tracking responses and refining the programs. The rise of PDF spam at the end of 2006 is a great example. PDF spam, designed to evade detection by email security tools, disappeared as quickly as it appeared because it didn't get

    Requires Free Membership to View

the same response rates as other techniques.

So we've seen the bad guys return their focus to more traditional methods like plain text and HTML formatted messages, according to Mark Sunner, chief security analyst of email security service provider MessageLabs. They still continue to try new ways to more effectively monetize PDF spam, tuning the offers and subject lines to increase response.

It's a multibillion-dollar business and growing rapidly, so it's no surprise that organized crime is involved, investing heavily in networks that focus on stealing identities and monetizing those identities over time.

The first generation of spam defense was really about matching messages that we knew were bad--much like traditional antivirus detection is about matching attack signatures.

The battle escalated as the bad guys started to morph their messages by adding random strings and text that would thwart signature detection. Security researchers countered by developing Bayesian filters and other heuristic detection techniques to more effectively catch this frequently changing spam. Fast forward a year or two to 2003-04: All of these techniques were optimized into a spam "cocktail," which determined the relative weighting of these detection mechanisms to maximize effectiveness.

In 2005, reputation-based detection was born, as antispam vendors realized you could determine the likelihood of a sender's intent based on IP address. Known spammers were quickly blocked, and it became a lot harder to get a message into the inbox.

Now, the bad guys increasingly use bots to obscure their true identities and intentions. Since the bot is anonymous and tends not to have a "bad reputation," bots are very effective for a short period of time.

This was first published in June 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: