The U.S. Spam Problem Grows as Storm Clouds Gather

Carl Weinschenk

It's nice when the U.S. leads the world in something. Not in this case, however, as the country has more than lapped the field in Sophos' latest listing of top spam producers. According to this TechSpot report, Sophos says America is responsible for 28.4 percent of worldwide spam. South Korea is next with 5.2 percent, China third at 4.9 percent, Russia with 4.4 percent and Brazil with 3.7 percent, the firm said.


Perhaps it is not fair to squarely pin the blame on the U.S., since much of the spam is generated by computers that have been commandeered by botnets operating beyond U.S. borders. Whatever the extenuating circumstances, Sophos says that better education on how to safely manage e-mail would reduce the problem. The firm pointed to Canada, which was number two on the list in 2004. A concerted effort resulted in a spam percentage of 0.8 percent this year and a ticket off the top 12 list. This ZDNet commentary is part confessional. The writer says he was wrong in his stated opinion several years ago that spam could be stopped by using digital signatures to prove the legitimacy of a user. He says charging a fee for sending spam will not work either, because large ISPs may misuse the process and because registering so many users is impractical.


So. Spam cannot be stopped. The best way to slow it down, the writer says, is to create as reliable a whitelist as possible and to use advanced techniques to judge whether a sender that isn't whitelisted is a spammer.
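The whitelist-first approach described above, as an added example that is not code from the original post or from the ZDNet writer: trusted senders are accepted outright, and everyone else is scored with a few heuristics drawn from the post's own observations (attachment-borne spam such as .pdf and MP3 pump-and-dump mail). The whitelist entries, the heuristic weights, the threshold and the three sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr, getaddresses

# Constructed whitelist: exact addresses and whole domains the recipient trusts.
WHITELIST_ADDRESSES = {"alice@example.com"}
WHITELIST_DOMAINS = {"partner.example.org"}

# Constructed heuristics; weights are illustrative, not tuned on real mail.
SPAM_THRESHOLD = 3
MAX_RECIPIENTS = 20
PUMP_AND_DUMP = re.compile(r"\b(hot stock|stock alert|ticker|big gains|buy now)\b", re.I)
RISKY_ATTACHMENT = re.compile(r"\.(pdf|mp3|exe|scr)$", re.I)


def sender_address(msg: Message) -> str:
    """Return the bare, lower-cased address from the From header."""
    return parseaddr(msg.get("From", ""))[1].lower()


def is_whitelisted(msg: Message) -> bool:
    """Exact-address match first, then a whole-domain match."""
    addr = sender_address(msg)
    if addr in WHITELIST_ADDRESSES:
        return True
    domain = addr.rpartition("@")[2]
    return bool(domain) and domain in WHITELIST_DOMAINS


def body_text(msg: Message) -> str:
    """Concatenate the text/plain parts that are not attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(chunks)


def spam_score(msg: Message):
    """Score a non-whitelisted message; returns (score, reasons)."""
    score, reasons = 0, []
    if not msg.get("Message-ID"):
        score += 1
        reasons.append("missing Message-ID")
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(recipients) > MAX_RECIPIENTS:
        score += 1
        reasons.append("too many recipients")
    subject = msg.get("Subject", "")
    if subject and subject.isupper():
        score += 1
        reasons.append("shouting subject")
    if PUMP_AND_DUMP.search(subject + " " + body_text(msg)):
        score += 2
        reasons.append("pump-and-dump wording")
    for part in msg.walk():
        name = part.get_filename()
        if name and RISKY_ATTACHMENT.search(name):
            score += 2
            reasons.append(f"risky attachment {name}")
    return score, reasons


def classify(raw: str):
    """Whitelist first; otherwise score. Returns (verdict, score, reasons)."""
    msg = message_from_string(raw)
    if is_whitelisted(msg):
        return "whitelisted", 0, []
    score, reasons = spam_score(msg)
    return ("spam" if score >= SPAM_THRESHOLD else "unknown-ham"), score, reasons


# Constructed sample messages.
PARTNER_RAW = """From: Bob <bob@partner.example.org>
To: me@example.net
Subject: Q3 invoice
Message-ID: <1@partner.example.org>

Invoice attached next week, sorry for the delay.
"""

UNKNOWN_RAW = """From: carol@newco.example
To: me@example.net
Subject: Meeting tomorrow
Message-ID: <2@newco.example>

Are we still on for 10am?
"""

PUMP_DUMP_RAW = """From: "Investor Tips" <tips@stock-news.example>
To: me@example.net
Subject: HOT STOCK ALERT
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

This ticker will see big gains. Buy now.
--b1
Content-Type: audio/mpeg
Content-Disposition: attachment; filename="tip.mp3"

not really audio
--b1--
"""

if __name__ == "__main__":
    for raw in (PARTNER_RAW, UNKNOWN_RAW, PUMP_DUMP_RAW):
        print(classify(raw))
```

The point of the ordering is that the whitelist is consulted before any heuristic runs, so a trusted sender is never lost to a false positive; the heuristics only ever decide the fate of mail from senders the recipient has no relationship with, which is exactly the population the ZDNet writer says needs the "advanced techniques."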


The problem may be worse than many people assume. In late July and early August, .pdf spam exploded and temporarily represented one-quarter of all spam. That number has fallen off to 1 percent, according to Proofpoint numbers quoted in this BusinessWeek blog. The regimented rise and fall suggests an organized and centralized structure that is "testing and abandoning new techniques based on effectiveness." If this is so, it likely means that purveyors of spam are far ahead of those fighting.


It's likely that a major reason the U.S. scored so high on the spam list is the Storm botnet, which has security workers very frightened. Of course, this botnet is a threat to computer users of all nations, but the combination of Storm's aggressive handlers and the apparent laziness of U.S. computer users may mean that a disproportionate number of victims are in the U.S.


Storm is so big -- estimates cited in the story run from 1 million to 50 million infected PCs -- that anything having to do with it is big news. eWEEK says it is being encrypted. The story speculates that the idea is to segment the botnet. In other words, only segments of the botnet that share the same encryption key can work together to produce spam e-mails. Speculation is that this is a way for the criminals running Storm to segment the network for piecemeal sale or lease to other criminals. It also can help them manage and scale the mammoth network.


One of the cyber parlor games of the last few months is guessing how big Storm is. CircleID takes a stab at this as well as a look at its evolution. The item is based on a Toorcon conference presentation by Brandon Enright of the University of California at San Diego. Storm has evolved during the past year, and most of the changes involve improvements in the distribution of spam. The latest initiative -- "pump and dump" spam with an MP3 audio message -- is a sign of how sophisticated Storm has gotten.


The good news in the post is that Enright's projection of Storm's size -- hundreds of thousands of machines -- is smaller than the millions suggested elsewhere and within range of other botnets. Storm, however, is unique in the sophistication of those running it. The post links to a large number of technical slides that describe the botnet and its operations in great detail.


Bots and spam are closely related, and it seems that the bad news hitting the U.S. won't slow down until bots in general -- and Storm in particular -- are confronted. Though there is a hint of good news on Storm's size, it's clear that the bot herders are well ahead of the good guys.

Nov 9, 2007 6:56 AM, What is the Storm Botnet? says:
Although much of Storm's machines are in fact outside the US, over half are inside the US. So simply blocking traffic from, say, China, won't be very effective. That's the power of a distributed botnet.