MessageLabs E-Mail Security Study Shows Rise in Spam
“We scan globally,” said Paul Wood, information security analyst at MessageLabs. The company has a wide variety of clients, including the British government, the Bank of New York and the Computer Sciences Corp. “We’re looking purely at e-mail traffic. At the moment, we’re scanning about 19 million e-mails per day, and that’s every day, including weekends. Based on that huge volume of data that we have, we can analyze the patterns and trends, particularly in viruses and spam contained within e-mails.”
The MessageLabs report showed an upsurge in spam that started in April and peaked in July, when the ratio of spam to total e-mail sent reached 1 to 1.1 (about 94.5 percent). Wood explained that this was due largely to the disguising tactics used by spammers to get around the CAN-SPAM Act of 2003. “The (spam) e-mails we were intercepting had changed and were dressed up to appear compliant with the legislation,” he said. “What we’re seeing is that the spam e-mails are being made to appear legitimate, although if you look more closely, the majority of them are not. If someone receives the spam e-mail, they take a glance at certain areas and think, ‘This is legal spam,’ as if there could ever be such a thing. They may just delete it and not bother to report it.”
Spam, which used to be mostly a nuisance, has become hazardous because of the strategies used and the people involved in the practice, Wood added. For example, there is a growing convergence in the techniques virus writers use to create virus code and spammers use to spread spam. “The skills and resources of both virus writers and spammers are coming together, because there’s a much greater motivation in terms of the financial rewards,” Wood said. “The problem that spammers face is that if they wanted to obey the letter of the law, they’d have to use their own computers. If they use their own computers, they’re easily identifiable. If you’re constantly receiving e-mails from the same IP address, it’s very easy to block that.”
“What they’re doing is turning a huge proportion of their spam traffic over to what could be described as a bot-net or a zombie network,” said Wood, who added that these shadowy networks were essentially run by gangs of cyber criminals. “The majority of spam is now sent through this route.”
Additionally, about 3 percent of e-mail traffic—mostly spam—contains viruses of some form, which can be spread quickly. “We find that almost all of—if not every one of—the viruses we’ve intercepted this year has in some way lent itself to spam distribution,” Wood said. “It’s big business, and therefore there’s a vested interest in continuing to disseminate these viruses. The outbreaks are now engineered to spread as quickly as possible to as many people as possible. They’re targeting that window of vulnerability much more aggressively now.”
Although organizations’ capabilities for combating virus-carrying spam have improved somewhat, it is still relatively easy to spread, Wood said. “Although we’re getting better at it, it’s still not good enough, and it’s lending a false sense of security to a lot of businesses and individuals. We do see dips in the proportion of spam traffic, but it’s very short-lived. A number of spammers may be taking stock and just making sure that they’re not doing anything that’s going to implicate them in any way. It’s very difficult to pin these people down. They go to great lengths to cover their tracks.”
For more information, see www.messagelabs.com/intelligence/2004report.