Spam: Still a Big Problem


The one certainty when it comes to Internet security is that there always will be surprises. This week, for instance, Marshal's TRACE team detected that the Srizbi botnet -- which this press release says is responsible for 46 percent of all spam -- was responsible for a huge spike in malicious messages.


The firm says that at the start of June, malicious spam -- which it defines as spam designed expressly to cause damage, as opposed to those trying to get somebody to buy a product or service -- accounted for 3 percent of spam. That number recently more than tripled to 9.9 percent, Marshal says.


Marshal's analysis is fairly straight forward: An analyst with the company says that Srizbi is on a major expansion drive, and thus is implanting far more overtly malicious pieces of malware.


Clearly, there is progress being made in the never-ending battle against spammers, but it remains a fluid battle. ZDNet says that MySpace enjoyed two victories recently. First, it won a $230 million settlement against two individuals -- Stanford Wallace and Walter Rines -- that the story calls "well-known spammers." The company won $4.8 million in damages and $1.2 million in attorneys fees and costs against Media Breakaway and Scott Richter, its CEO. The blog cuts to the chase: After quoting some boilerplate from MySpace's chief security officer, the blogger says that the company, and others like it, are waging an endless game of "Whac-a-Mole" against spammers.


Innovation on the Web helps business run faster and smarter, but it also brings out hackers of all sorts, including spammers. This hubcanada.com piece -- which uses catchy phrases such as "spam-chuckers" and "crafty culprits" -- says that Google Docs has become a heaven for spammers. The story isn't completely clear on how the process works, but the bottom line is that the online word processing application seems to have taken its place in a long line of online elements, such as PDFs and images, that are used as vehicles by spammers. The story says that the latest release of McAfee security software should handle the problem.


The CAN-SPAM (technically, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003) has been credited with making at least something of a dent in spam. The latest provisions of the law take effect on July 7, this story says. Marketing Sherpa provides a rundown of the changes -- as well as what will stay the same. The writer says that CAN-SPAM now is better defined; the 10-day opt out period wasn't reduced to three. The story looks at five new provisions. They cover unsubscribe requirements; the definition of a sender; the fact that use of a P.O. box is OK; the new definition of a "person" and how "forward to a friend" issues are handled.


China is seen as a growing source of spam. This isn't a good thing, since the language presents some challenges not seen in the West. This interesting Commtouch Cafe post says that Chinese characters are "double-byte" due to the need for extra capacity to transmit all the meaning each character contains. There also are no spaces between characters, and meaning is dependent on the relationship between them. Finally, Chinese can be written vertically. The writer doesn't go into much detail, but her point clearly is that these differences are a significant hurdles to anti-spam strategies based on a very different set of criteria. Spammers put a dubious notch in their belt by bringing an entire nation to its e-mail knees. This piece says that the Marshall Islands, a nation in the South Pacific, lost all e-mail functionality due to an on the island's lone ISP. National Telecommunications Authority systems were subjected to a four-fold increase in spam. The reason for the attack is not clear, the story says.


The bottom line is clear: Great progress has been made against spam, but it remains a big problem -- and one that will sporadically grow to crisis proportions.