COLUMN

Security Blog Log: Sailing a sea of spam

By Bill Brenner 10 Nov 2006 | SearchSecurity.com Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

But when companies like Postini Inc. and Sophos release reports showing a breathtaking surge in spam, people are less inclined to dismiss the findings. It's hard to do so when your own email inbox is bloated with the stuff.

Postini watched spam levels spike by nearly 60% in the last eight weeks, with spam now accounting for 91% of the email it screens. Over the past 12 months, the company said, the daily volume of spam rose by 120%. Sophos has also observed a huge increase in unwanted emails, and both firms agree botnets are largely responsible for the surge.

There's plenty of chatter about spam in the blogosphere these days to boost the credibility of such reports.

About Security Blog Log: Senior News Writer Bill Brenner peruses security blogs each day to see what's got the information security community buzzing. In this column he lists the weekly highlights. If you'd like to comment on the column or bring new security blogs to his attention, contact him at bbrenner@techtarget.com. Recent Columns: Dissecting Firefox 2.0 The never-ending PatchGuard debate IE 7 arrives, but does anyone care?

Ed Bott, a Windows expert who has written a number of books about the operating system, used his blog to chronicle his own struggles with spam.

"I've been noticing a lot more spam getting through my server-side filters and also passing through my client-side filters lately," Bott wrote, pointing to additional research from Symantec Corp. and Total Quality Management as proof that the uptick isn't a product of his imagination.

Bott linked to a chart from Total Quality Management that shows a surge in spam starting around June 11. He then suggested the surge was the result of attacks exploiting a Word flaw Microsoft patched in its MS06-027 bulletin in June.

Blogger Kaye Vivian's inbox has also been deluged with spam. Vivian looked over the return addresses and concluded it's coming from the computers of friends who don't realize their machines have been hijacked.

"My spam level is up to about 60 per day that get through my ISP, which blocks about twice that many more, and that doesn't include the 50-60 spams I get on the blog here and manually delete," Vivian wrote. "I normally look at the return addresses on those spam emails (most of which have started using the "nofollow" command). What's been interesting to me is the number of spam messages that come from accounts I can recognize. Now I think I understand why -- my friends and colleagues have been hijacked into a botnet! Maybe I have, too!"

Colin Henderson, keeper of the Bankwatch blog, described how the spam onslaught has pretty much forced him to abandon one of his email accounts.

"Over the last two months in particular, I have noted an increase in spam -- both the volume being caught by Gmail … and in the numbers that are getting through," he wrote. "I have a Yahoo account, too, and Yahoo seems unable to catch any 519 Nigerian 'we want to transfer $14 million to you' scams, such that my Yahoo account is now unusable."

He noted that because of the botnets, spam is much tougher to identify and fight than if was a couple of years ago.

"Spam used to emanate from a spam server, so was relatively easy to identify," he wrote. "When spam emanates from a botnet, the bad guy could be your PC in your home. This makes identification much harder."

He concluded his entry with a story about a colleague who complained about another bank's employee who had supposedly spammed an enormous number of his bank's employees. In retrospect, Henderson said, the emails either came from "a really stupid employee" or a spam attack using the employee's name.

In his Freedom to Tinker blog, Ed Felten, professor of computer science and public affairs at Princeton University, said the computing community needs a better understanding of the bot threat before the latest spam onslaught can be brought under control.

"Though botnets are a major cause of Internet insecurity problems, few netizens know what they are or how they work," Felten wrote. "Some experts think we're losing the war against botnets. Yet there isn't much public discussion of the problem among non-experts. Why not?"

In an attempt to get that discussion going, his entry includes a detailed summary of what bots are and how they're being used.

Tags: Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Email and Messaging Threats (spam, phishing, instant messaging) Messaging security risks have upper hand on solutions Web-based attacks skyrocket, pirating sites surge, security firms say Pushdo botnet uses Facebook to spread malicious email attachment Scareware report highlights successful business model How to prevent phishing attacks with social engineering tests Phishing protection begins with training, antiphishing evangelist Phishing attacks to remain a major problem, say security experts Barracuda acquires Purewire expanding Web security reach FBI raids phishing crime ring, nearly 100 arrested Massive phishing scheme affects Microsoft Hotmail accounts Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CAPTCHA  (SearchSecurity.com) crimeware  (SearchSecurity.com) Operation Phish Phry  (SearchSecurity.com) pharming  (SearchSecurity.com) phishing  (SearchSecurity.com) Register of Known Spam Operations  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Sender Policy Framework  (SearchSecurity.com) spam cocktail  (SearchSecurity.com) spear phishing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary