The Spammers Strike Back!

Like all great events, I remember the day I learned that spam was, if not dead, gravely wounded. It was November 17th, 2008. The story was that an investigation by internet service providers (ISPs) Hurricane Electric and Global Crossing into McColo, a notorious hosting service responsible for housing as many as 70% of the spam email operations on the Web, led to the plug being pulled on McColo’s operations by their ISPs.

The end of McColo killed 70% of the spam on the Web, but as predicted, the spammers are back.

Gourmet Spam

You would have to imagine that the death of McColo last November was a serious wake-up call to the spam industry—yes, there really is such a thing—and you would be right. While the experts are still working on where all this is coming from now, that is less important than the changes that the spam has undergone. It is more sophisticated and better designed than before. According to Dermot Harnett, principal analyst of antispam engineering for Symantec, which has seen spam volumes coming within five percentage points of their pre-McColo shutdown numbers, "Spammers continue to innovate to find new spam vectors to deliver their messages, both attempting to evade antispam filters and by making the spam messages look more legitimate."

New Spam Look, Same Spam Poison

Spam and malware go hand-in-hand. They always have. While some spam is purely sales-oriented—and that is bad enough given that spam accounts for 80% of the total email volume out there—the rest is sent for unethical or even purely criminal purposes. It can be something as simple as spyware watching where you browse so more relevant spam can be sent your way. Then there is identity theft to consider. It can be malicious viral software that will damage your computer or it can be something more sophisticated, malware that will allow remote control of your computer so it can be put to the uses of the spam sender. Imagine YOUR computer being used to pump out spam and malware and you don’t even know it.

Spam is a primary delivery system for this nasty stuff. That means the more sophisticated it gets, the more likely it will be that your machine will be exposed to malware. 2009 is gearing up to be a strong year for the spammers, which means that your defenses need to be in good shape to deal with the problem.

Canning the Spam

Like gun control as an anti-crime measure, the federal Can-Spam Act, which was passed to deal with the spam problem, was a response to the common cry, “There ought to be a law!” Unfortunately, it only actually effected those spammers who are inclined to be law abiding in the first place. Also, like gun control, those who obey the law are not the people you really need to worry about in the first place.

That means the government is not a good solution for protecting you from spam, a fact made obvious by data showing that 90% of corporate email is spam and that as much as 3% of that contains actual malware. That may not sound like a lot, but given the sheer numbers we are talking about—millions of emails—it adds up. It is up to you and there are an array of weapons at your disposal.

Anti-Malware Applications

These things used to focus on computer viruses, but over time they got into protecting you against spyware, adware and all sorts of other malware. With the exception of their firewalls, which work to keep out unauthorized traffic from your computer, these systems work by blacklisting known malicious code. That is the key—known malicious code—which means that new malware can get by them until they can analyze the new bug and provide defense against it.

Given that the vast majority of bugs “in the wild” as they say, are known and documented, and many are still a threat, you need to understand this: New malware is released into the wild on a daily basis. That means you have to keep all of this up to date. If you don’t, you are leaving yourself even more vulnerable to attack.

Anti-Spam Email Services

For my money, Gmail has the best anti-spam filtering around. By using their service, or one similar such as Yahoo, the service catches potential spam for you and it never reaches your email client. This is good because it places an added barrier between your computer and any malware that might be attached to the spam. While I personally like Gmail because they have gone to great lengths to create a very robust anti-spam system, it is not foolproof and things that look more legitimate can still get through. This is where you come in.

The Last, Best Line of Defense—You!

Technology alone will not keep you safe. That really depends on you and your willingness to help combat spam right on your own desktop. Like all good things, it requires some discipline, but you can do it if you follow these recommendations:

·        Never make a purchase from an unsolicited email.

·        If you do not know the sender of an unsolicited email message, delete it.

·        Never respond to any spam messages or click on any links in the message.

·        Avoid using the preview functionality of your email client software.

·        When sending email messages to a large number of recipients, use the blind copy (BCC) field to conceal their email addresses.

·        Think carefully before you provide your email address on websites, newsgroup lists or other online public forum.

·        Never give your primary email address to anyone or any site you don't trust.
Share it only with your close friends and business colleagues.

·        Have and use one or two secondary email addresses for filling out web registration forms, or surveys at sites from which you don't want to receive further information. Also, always look for a box that solicits future information/offers, and be sure to select or deselect as appropriate.

The Bottom Line

For each of the above suggestions, there is a spam abuse to match it. The reason, for example, you want to be careful about your email address on forums is that spammers often comb through forums and newsgroups to harvest such email addresses. This is important to remember since the premise of each of these points is to minimize your exposure. Do that, and keep your computer’s defenses up to scratch, and you will be ahead of the game. Stay vigilant, though, because until something can be done to solve this problem, it will remain a very close game indeed.