Spammers Update Old Recipes. Can the Good Guys Keep Up?

Carl Weinschenk

Imitation is the sincerest form of flattery even, apparently, among scoundrels.


The big news in spam for the past several months has been Storm, a botnet that has reached mythical proportions. Indeed, a good deal of the legend is due to the fact that nobody has an accurate gauge of how big it is.


Now, apparently, CSOs have a second mystery to ponder. Security Park reports that Marshal's TRACE Team claims a group of hackers known as the Celebrity Spam Gang is generating as much spam as Storm. Marshal considers Celebrity a copycat because it uses some of the same approaches as Storm, albeit a bit more primitively. The group, the piece says, gets its name from its propensity to use famous people's names -- often with promises of pictures of them in their birthday suits -- in the subject lines of its messages.


To determine that Celebrity was so big, researchers at the company intentionally infected a computer with the botnet and monitored the spam it was instructed to send out. Spam from the infected machine matched general spam in 23 percent of the cases.


Spammers are innovating. They are hiding their payloads -- be they malicious software or scam come-ons -- inside a wider variety of files. PDF spam was a big nuisance during the summer. It abated, but is back. This story says there is a great increase in the complexity of spam. The recent iteration of PDF spam is more dangerous than the original onslaught because it contains malware aimed at making the recipient machine part of a botnet. This approach is illustrative of the efforts necessary to fend it off.


Another interesting characteristic of the world of spam is how quickly the interaction between the good guys and bad takes place. For instance, on Aug. 7, PDF spam represented 30 percent of all spam, an enormous number. Three weeks later -- on Aug. 29 -- PDF spam was less than 1 percent of the total.


In this Wired article, Google suggests the first decline in spam in years. The piece offers a Google graphic that tracks overall spam and spam actually delivered to customers over its Gmail platform since June 2004. The graph notes a gradual decline during the past few months.


Wishful thinking? There seem to be a couple of problems with the conclusion that this means spam is declining. First of all, the decline, as mapped by the graphic, seems rather small and could be a mere bump in the road of what is essentially an upward trend.


More importantly, the cat-and-mouse game between spammers and security forces focuses on the ability of the bad guys to effectively hide spam from filters. An apparent decline could mean they are succeeding. Indeed, it could theoretically indicate that spam actually is increasing: If criminals did find a way to hide spam, the methods that don't work would be abandoned. Thus, the overall amount of detectable spam would decrease. For this reason, a second and independent measure noting a decline in spam is needed before the champagne can be taken out of the cooler.
