|
By Paul Thackeray, VP EMEA, Barracuda Networks
Internet Service Providers (ISPs) are finding themselves on the front line in the fight against increasingly sophisticated new ways of distributing spam.
The latest spam trends, designed to fool traditional spam filtering methods, are sending the amount of spam through the roof – according to latest industry estimates spam accounts for as much as 80-85% of total email. ISPs are having to invest heavily in anti-spam solutions simply to ensure email remains a useful tool for users.
So-called “pump and dump” scams – where minor stocks are promoted – as well as graphics-based spam, are among the latest methods used by spammers in attempts to make profit from it.
The amount of spam traffic being filtered through ISPs increased four-fold in the last months of 2006. From an end-user perspective, although more spam is getting through, for most people, it still accounts for less than five per cent of all emails received. This is testimony to the hard work that the industry – anti-spam vendors and ISPs together – have put in behind the scenes.
The reason for the rise in “pump and dump” spam is that it does not require a link back to a website or ordering system, making it harder to trace its origins. In addition, the authorities have so far not caught any perpetrators. The messages have no constant wording, but instead tend to favour strings of random words or conversational-style prose to introduce the stock ticker value. This means there is not a lot for a conventional filter to recognise.
Industry bodies like the London Internet Exchange (LINX) are calling for filters capable of examining token groups in addition to single-word tokens. This would increase detection rates for those emails with words that do not conform to any recognised sentence construction.
In 2006, spammers also began to produce graphics-based spam in order to beat filters that had no optical character recognition (OCR) capability. The images are usually combined with text.
Again the industry has responded. Anti-spam vendors like Barracuda Networks have been extremely successful at creating fingerprints for this type of image spam. Nevertheless ISPs are investing in more filtering equipment simply to keep pace.
Researchers at the University of Cambridge report that in June 2006, one British ISP was receiving around six million emails a day, of which 2 to 2.5 million were legitimate. By year-end this had risen to 26 million, even though legitimate email remained constant at 2 to 2.5 million. In the same period their end-users only saw a relatively small rise in the amount of spam reaching mailboxes, which is a great compliment to ISPs and the industry as a whole.
But while the industry appears to have the spam problem under control, we can expect the criminals and spammers to swing the pendulum back in their favour. According to Spamhaus, a leading anti-spam organisation, there are just 220 spam gangs (about 1,000 internet users) out of a global internet population of more than a billion. People are now paid to design new kinds of spam. They have their own filters and if their spam is blocked, they simply keep adjusting it until the filter lets it through.
So the fight against spam is a continual arms race and ISPs are battling daily to stay ahead of a relatively small but determined number of gangs operating on a very large scale. For the moment at least it seems the problem has been contained, but the trend toward more sophisticated social engineering techniques and increasingly targeted attacks means the battle is far from over.
• Barracuda Networks is exhibiting at Infosecurity Europe 2007, Europe’s top information security event, which takes place at Olympia from April 24-26. For more information visit www.infosec.co.uk
|
