TELECOM Digest OnLine - Sorted: Spam Surge Drives Net Crime Spree


Spam Surge Drives Net Crime Spree


Mark Ward, BBC (bbc@telecom-digest.org)
Wed, 27 Dec 2006 14:18:18 -0600

By Mark Ward, Technology Correspondent, BBC News website

The tussle between computer security companies trying to protect your
PC and the bad guys that try to compromise it is often characterised
as an arms race. Sometimes the security companies have the upper hand
as they develop and deploy novel techniques to spot and stop malicious
software of all stripes.

And sometimes, such as in 2006, the bad guys are on top. And nowhere
has this been more apparent than in the realm of that old favourite --
spam.

In the closing months of 2006 spam volumes jumped
enormously. According to e-mail filtering firm Postini, spam volumes
increased by 73% in the three months to December.

"92.6% of all e-mail messages are spam," said Dan Druker, spokesman
for Postini. "That's the highest it's ever been."

Other e-mail security specialists have not reported such big leaps in
junk mail volumes, but all say that they are seeing more spam than
ever before.

Jump in junk

The type of spam being sent has also changed, said Mr Druker. In 2004
only a small percentage of junk mail messages had images in them. Now,
said Mr Druker, the figure is 25%.

"A lot of spam is in the form of images and HTML documents that are
designed to get beyond the filters," he said.

Filters are good at analysing plain text to spot the tell-tale signs
of spam but they struggle if the text is in an image. Techniques are
being developed to help them read images but none are widely deployed
yet. Spammers are also turning out more variants of their messages
than ever before. This is because tweaking the text in small ways can
help to fool the anti-spam filters and get the messages through.

Dave Marcus, security research and communications manager for McAfee's
Avert Labs, said some of the other reasons behind the rising tide of
junk mail provided a good summary of how the digital underworld had
developed in 2006.

To begin with, he said, the software tools that hi-tech criminals use
to put together spam runs and craft their messages have in the last 12
months got much easier to find and use.

The bad guys have also got a lot better at managing the platform they
use to send junk mail, he said. Increasingly, said Mr. Marcus, junk
mail is routed through home PCs that have been hijacked by viruses or
booby-trapped webpages. Networks of these remotely-controlled
computers, or bots, are called botnets.

"80% of spam is shot out through botnets of some form," said Mr Marcus.

Home help.

Attackers are also getting better at recruiting PCs to botnets and
stopping their owners finding out that their machine has been
compromised and is being used to send out junk mail or malware.

The most popular way of recruiting a PC to a botnet is by getting its
owner to click on the booby-trapped attachment on an e-mail. In a bid
to catch more people out, virus writers are turning out more variants
of their creations.

No longer do they just send out millions of copies of the same virus
or malicious program. This has led to an explosion in the number of
viruses and variants in circulation.

"We are seeing 150-200 new pieces of malware every day," said Mr Marcus.

The creators of the malicious software were pumping out variants, said
Mr Marcus, to defeat anti-virus companies by overwhelming them with
novelties they have to investigate, analyse and warn their customers
about.

Paul King, a senior security advisor for Cisco, said it also showed
said how malicious software was becoming more targeted.

Gone, he said, were the days when millions of e-mail addresses got the
same virus. Now the viruses and trojans are being customised to catch
out as many people in a target organisation as possible.

"There's less focus on what is the top virus," said Mr King, "to be
quite honest it does not really matter because the criminals just do
what works."

The problem for many organisations was spotting threats that only they
are being hit with.

"Those types of threats are not going to be on anyone's radar," he
said.

Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/6198113.stm

Copyright 2006 BBC.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or)
http://telecom-digest.org/chat/index.html

For more tech news and headlines, please go to:
http://telecom-digest.org/td-extra/tech-news.html

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: USTelecom dailyLead: "Analysis: Sprint's Big Bet on WiMAX"
Go to Previous message: Reuters News Wire: "Asia Earthquake Damages Cables; Internet and Banks Among Affected"
Next in thread: Dan Lanciani: "Re: Spam Surge Drives Net Crime Spree"
May be reply: Dan Lanciani: "Re: Spam Surge Drives Net Crime Spree"
May be reply: Herb Oxley: "Re: Spam Surge Drives Net Crime Spree"
May be reply: Danny Burstein: "Re: Spam Surge Drives Net Crime Spree"
May be reply: Tom Horsley: "Re: Spam Surge Drives Net Crime Spree"
May be reply: Dan Lanciani: "Re: Spam Surge Drives Net Crime Spree"
TELECOM Digest: Home Page