Spammers Are Hijacking ISPs
Posted 08 March 2005 - 02:59 AM
An email security company says it has found evidence that spammers are tricking Internet service providers into helping them evade anti-spam security measures.
ZDNet UK reported last month that spammers are using software tools that force virus-infected PCs to relay spam attacks through their ISP's own mail server. Traditionally, infected computers have been used as mail servers to send spam directly to recipients. But the new technique means the spam appears to come from the ISP itself, making it hard for an anti-spam blacklist to block the spam without also blocking legitimate mail from the ISP.
According to research published by MessageLabs on Friday, the proportion of spam coming directly from networks of infected machines has decreased from 79 percent to 59 percent, while overall spam levels have climbed. The company believes that this proves that spammers are increasingly sending their junk mails via the ISPs.
"It's fairly hard evidence that although the spam problem has not gone away, the way spam is distributed has changed," said Paul Wood, chief information security analyst for MessageLabs. "It backs up [suggestions] that this method is being aggressively used."
Last month, anti-spam campaigner Spamhaus called on ISPs to start throttling spam sent via broadband customers compromised by the technique.
"They've got to throttle the number of emails coming from ADSL accounts. They are going to have to act quickly to clean incoming viruses. ISPs have so much spam -- they are too understaffed to call people up and tell them they have Trojans on their machines. And no one would know what you're talking about," said Spamhaus's Steve Linford.
Wood said the results suggest that ISPs need to start managing the data sent through their networks.
"That would certainly seem to be an implication," said Wood. "If an ISP is not checking their mail servers to see if it is sending spam, legally that puts them on a different foot in terms of identifying sources of spam. How they can get over this is a problem? They will have to learn more about their customers. They need to check customer computers, whether they do it or give people the tools to do it. It's very much a moving target."
Posted 08 March 2005 - 03:08 AM
But really the only way to fight spam is to get to the source ... someone somewhere is profiting from it and that's where it's going to hurt the most.
Posted 17 March 2005 - 08:13 PM
Spam filter developers make no secret that putting spammers out of business is their ultimate goal. Author and programmer Paul Graham threw down that gauntlet in his seminal 2002 paper on Bayesian spam filtering: "If we get good enough at filtering out spam, it will stop working, and the spammers will actually stop sending it."
In a subsequent article entitled "Will filters kill spam?", Graham predicted that spammers would give up if everyone had an effective spam filter.
But even if spam filters were 100 percent accurate and universally used, their ability to kill spam completely seems improbable, given current consumer behavior and a design element indispensable to most junk email filters: the spam folder.
Consumers have shown they can't resist the temptation to buy from spammers. A recent survey by Forrester Research (PDF) found that 41 percent of U.S. internet users have made purchases in response to spam. According to the Direct Marketing Association, email ads generated more than $32 billion in sales in 2003.
To be sure, those figures might be even higher if it weren't for spam filters. But the reality is that some consumers still respond to spam even after it has been filtered into spam folders.
For proof of this, try Googling the string %40Bulk. That's part of a long URL that shows up in a Web site's traffic logs whenever a Yahoo Mail user clicks on a link to the site from within a message in the user's spam folder.
Fortunately for spam researchers, a number of junk emailers leave their web server logs exposed to search engine spiders. As a result, we can get a partial view of how consumers interact with spam folders.
Consider the example of LinkToCash.com, a web site that advertises a multilevel marketing (MLM) scheme. According to the site's referrer log file, it received around 965 visits from Yahoo Mail users in January 2003. Around 107, or about 11 percent, of those Yahoo visitors arrived by clicking on an email in their Bulk email folder.
Referrer log files from other advertised sites show lower percentages of click-throughs. WebCashVideos.net, another MLM site, recorded 98 Yahoo Mail visits in an undated log, just 4 of which were from the Bulk folder.
In some instances, however, the number of site visitors who arrive via the Yahoo Mail spam folder nearly equals the number of those who come by clicking on messages in their in-box. Referrer logs for a page at DesertPublications.com show that 16 of 34 Yahoo Mail visitors on May 28, 2003 clicked on a link in a message that had been identified as spam.
Now, the unscientific examples above should obviously be regarded with caution. It's impossible to know whether the log files are truly representative of Yahoo user behavior or that of email users overall. (A Yahoo representative said the company didn't have systemwide data to share on its users' click-throughs from their spam folders.)
Furthermore, we don't know whether these visitors actually purchased anything at the destination sites. Many could simply be window-shopping. Some might even be antispammers doing reconnaissance prior to reporting the site for spamming.
But these logs reveal an important fact: simply segregating spam from legitimate email won't stop some users from opening it and visiting the advertised site.
Most big webmail providers seem to recognize this, although they are reluctant to publicly discuss their spam folder strategies. MSN Hotmail, for example, disables links in messages that have been identified as spam. The service requires users to click on a special link to activate URLs in suspected spam messages.
The latest version of AOL (9.0) behaves similarly. Users who attempt to click on links in suspected spam receive a pop-up warning message: "This link has been disabled for your safety. To activate, click 'Show images and enable links' above."
However, some email providers, including Yahoo and Gmail, as well as many client-based spam filters, including the one in Outlook 2003, give users full access to messages that have been filtered into spam folders.
It appears that webmail providers and others who offer spam filters must ask themselves an important philosophical question: just how paternalistic do we want to be?
Clearly, there are dangers to eliminating the spam folder altogether and simply deleting or not delivering messages caught by a spam filter.
After all, content-based spam filters rely heavily on the concept of training, and they need input from users to learn what's junk and what isn't. So, even if spam filters achieved 100 percent effectiveness, they'd still need training to reach that feat, and that means saving rather than deleting suspected spam.
For this reason, the user guide for SpamAssassin, one of the most popular content-based spam filters, specifically warns administrators against deleting suspected spam.
Furthermore, all the big webmail providers advise users to regularly review the contents of their spam folders, to ensure that legitimate messages haven't erroneously been filed away there. Indeed, avoiding so-called false positives--and the accompanying user wrath--is likely a key reason most email services stick with the spam folder concept.
Even as spam filters approach perfection, spam folders, coupled with consumer behavior, will unavoidably keep a (reduced) number of spammers in business. But the nature of that business may change dramatically.
In time, spam folders may become for some incorrigible online shoppers akin to Sunday circulars--those pullout ad sections that get inserted into newspapers. (This view is in sharp contrast to that of many internet users, who regard the contents of their spam folder as virtual toxic waste.)
In turn, spammers may stop putting so much effort into disguising their messages to try to fool filters. Instead of using cryptic subject lines, weird HTML, and bizarre language in hopes of landing something in the recipient's inbox, spammers may focus instead on creating irresistible subject lines. Once they've resigned themselves to being segregated to spam folders, junk emailers may decide that writing good ad copy is just as important to spam success as having access to fresh proxies or bulletproof hosting.
For filter developers, it's only natural to strive for an internet free of junk email. (Paul Graham has admitted to feeling "as if I were playing some kind of competitive game with the spammers.") But for most internet users, filters still provide a vital productivity- and sanity-saving service--even if they don't completely wipe spammers off the face of the earth.
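The referrer-log counting described in the article above, as an added example that is not part of the original post or article: it counts visits referred from Yahoo Mail and the share whose referrer carries the `%40Bulk` marker. The combined log format, the `mail.yahoo.com` host suffix and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

BULK_MARKER = "%40bulk"              # the page's "%40Bulk" string, lower-cased
MAIL_HOST_SUFFIX = "mail.yahoo.com"  # assumption: webmail referrer hosts end with this

# Combined log format ends with: "request" status bytes "referrer" "user-agent"
LINE_RE = re.compile(r'"[^"]*" \d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"\s*$')

# Constructed sample data; addresses, paths and message ids are invented.
PREFIX = '198.51.100.7 - - [28/May/2003:10:01:02 +0000] "GET /offer.html HTTP/1.0" 200 5120 '
SAMPLE_REFERRERS = [
    "http://us.f1.mail.yahoo.com/ym/ShowLetter?box=Inbox&MsgId=1",       # inbox click
    "http://us.f1.mail.yahoo.com/ym/ShowLetter?box=%40B%40Bulk&MsgId=2",  # Bulk folder click
    "http://us.f2.mail.yahoo.com/ym/ShowLetter?box=%40b%40bulk&MsgId=3",  # marker in lower case
    "-",                                                                  # no referrer sent
    "http://search.example/?q=%40Bulk",                                   # marker, but not webmail
    "http://mail.yahoo.com.tracker.example/x?box=%40Bulk",                # lookalike host
    "http://us.f1.mail.yahoo.com/ym/ShowLetter?box=Inbox&MsgId=4",       # inbox click
]
SAMPLE_LOG = [f'{PREFIX}"{ref}" "Mozilla/4.0"' for ref in SAMPLE_REFERRERS]


def classify(line):
    """Return 'bulk', 'other', or None when the line is not a webmail referral."""
    match = LINE_RE.search(line)
    if not match:
        return None
    ref = match.group("ref")
    try:
        host = (urlsplit(ref).hostname or "").lower()
    except ValueError:  # malformed referrer, e.g. a broken IPv6 literal
        return None
    # Match the host exactly or as a parent domain, so lookalike hosts are excluded.
    if host != MAIL_HOST_SUFFIX and not host.endswith("." + MAIL_HOST_SUFFIX):
        return None
    return "bulk" if BULK_MARKER in ref.lower() else "other"


def bulk_share(lines):
    """Return (bulk_visits, webmail_visits, bulk_fraction) for the given log lines."""
    kinds = [k for k in map(classify, lines) if k]
    bulk = kinds.count("bulk")
    return bulk, len(kinds), (bulk / len(kinds) if kinds else 0.0)


if __name__ == "__main__":
    print(bulk_share(SAMPLE_LOG))
```

The host check matters as much as the marker: a search for the string itself, or a referrer from a lookalike domain, would otherwise inflate the Bulk-folder count.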
Posted 24 March 2005 - 12:38 AM
By Daniel Thomas
Thursday, March 17, 2005
Instant messaging security threats are growing by 50 per cent each month and could potentially spread across the globe in seconds.
According to research from anti-virus firm F-Secure, virus writers are targeting instant messaging applications due to their ability to spread malicious code faster than email worms.
Whereas the Sasser email worm took 14 minutes to compromise 95 per cent of all vulnerable PCs around the world, instant messaging worms could infect all IM-using computers in just 14 seconds.
The anti-virus firm claims to have detected 200 instant messaging worms, plus more than 700 trojans, backdoors and password stealers that target the application.
'IM worms don't waste time scanning machines that are not infectable; they only target other IM-using machines,' said Patrick Runald, technical manager at F-Secure.
With analyst firm IDC predicting that 506 million people will use instant messaging by 2008, this could present new security concerns for IT departments.
'As IM grows and comes into corporations it could become more of a risk,' said Runald.
Mikko Hypponen, F-Secure's director of anti-virus research, told Computing that more than 50 per cent of last year's largest viruses were designed by criminals to make money and that mobile viruses could become a greater focus for organised crime outfits.
'PCs don't have in-built billing systems but mobile phones do,' said Hypponen. 'Mobile malware can be designed to infect phones and message premium rate toll numbers. You'll only find out about it when you get your next phone bill.'
To see more of VNUNet go to http://www.vnunet.com