British ISPs have reacted strongly to the suggestion of Trend Micro CTO David Rand that the ISPs should actively combat the problem of spam on the internet.

Rand’s suggestion is the blocking of TCP port 25 (the port used for SMTP, or email, communications between servers on the internet), making contact with customers who they suspect may be the source of spam outbreaks, as well as stronger government legislation.

The legislation idea has merit, after all the lack of cooperation between government agencies is how many international spam operations manage to go unpunished.  The blocking of SMTP on the other hand is impractical and costly to implement, both from a technical and a service perspective.

The basis of the idea is this.  Customers send mail using SMTP, therefore by blocking SMTP and requiring that customers send mail via the ISP’s mail servers allows close monitoring of email traffic and detection of spam.

The solution is problematic though because many ISP customers, both home users as well as businesses, have perfectly good reasons to not send their email via their ISPs mail servers.  These customers would need to be unblocked from using SMTP, and hence cannot be closely monitored.

The monitoring itself also presents two problems – firstly customers object to having their email correspondence inspected by other parties including their ISP.  Secondly, any false positives could have disastrous consequences if important emails were blocked.  ISPs do not want the exposure to liability if they block an email that results in monetary loss for the sender or recipient. Continue reading ISPs Don’t Want to be Spam Cops»

It has been a big year for the internet with social networks continuing to grow at an amazing pace, search engines scrambling to keep pace with user demand for fresh news, and as always spam and malware causing havoc around the world.

A look at the year’s major spam event shows some consistent trends.

• Season spam such as Valentine’s Day and Christmas remains predictable
• Spammers quickly move to exploit any major global news events such as celebrity deaths and wars
• Spam networks are becoming more distributed and resistant to shutdown attempts
• Social networking spam is on the rise as spammers attempt to exploit the perceived trust between people and their online “friends”
• Human error continues to be a big part of the spam landscape, both through inadvertent data exposure and through people falling victim to social engineering

Here is a look at some of these major events throughout the year.

January

Scams promising free money from US government grants attempts to exploit the news of corporate bailouts and the increase in unemployment.

Fake CCN news alerts take advantage of a clash between Israel and Hamas.

Global spam volume begin returning to normal levels after the McColo shutdown of November 2008.

The inauguration of US President Barack Obama leads to a wave of spam spreading rumours that his inauguration is invalid or that he resigned and attempts to trick users in downloading malware.

Spammers also get a head start on Valentine’s Day with malware-carrying love letters.

February

Human error at Google marked the entire internet unsafe (is it really that far from the truth?).

The poor economy continues to cause unemployment to increase, leading to a new wave of fake job spam.

Microsoft offeres a $250,000 reward for information leading to the arrest and conviction of the Conficker worm creators.

March

Citibank falls for a Nigerian 419 scam to the tune of $27 million, but is saved when the transfers fail due to invalid account numbers provided by the scammers. Continue reading 2009, The Year in Spam»

Last month I joined a new discussion forum.  The owner of the forum decided to charge members a monthly access fee of $1.95.  I gladly subscribed because the value of the forum far outweighs the membership cost.

Now several weeks later and with thousands of members joining the forum I realize the biggest benefit of the membership price – there is no spam.

For the average internet user everything they do online is free.  After they have paid for a computer and an internet connection from an ISP most people will not pay another cent for any of the intangible experiences that the internet has to offer.

Thousands of popular websites offer streaming videos, games, instant messaging and social networking without charging a cent for access.  Email is the ultimate free communication medium, costing nothing to acquire and use.  These services all attract spammers.

Free online services face a difficult challenge in preventing spam.  Their users want free access, but also resist overt monetization efforts by the website owner.  And yet without a revenue stream the websites can’t afford to invest heavily in security and support.  Without the money to fund a developer focus on proactive spam prevention, and a support team to handle reactive spam prevention, the spammers have a large window of opportunity to exploit these free services for their own gains.

The fallback monetization strategy for most of these websites is simple advertising.  MySpace added advertising early on.  YouTube is slowly introducing advertising models to support their massive infrastructure costs.

Facebook’s advertising system has an ironic twist – spammers can indirectly exploit the system by using free Facebook apps and games to gain access to users’ profile information, then use that information to personalize advertisements and target them more closely to certain demographics.  These advertisements are often unethical – for example targeting 15 year old girls to sign up their mobile phone (paid for by their parents) to a ringtone subscription service in order to earn more points to use within a popular Facebook game.

The irony is that so much money is made by the advertiser, who in turn pays fees to Facebook, that the spammers are largely responsible for generating the revenue streams that make it more feasible for Facebook to invest more in security and spam prevention.  Would this problem exist if services such as Facebook were not free? Continue reading Would Spam Exist if the Internet Wasn’t Free?»

The Sydney Morning Herald reports that a South Australian woman became a victim of identity theft when her Facebook account was taken over by hackers.  The hijacked account was then used to send messages to her friends saying that she was stranded overseas after being robbed and requested that money be wired to her to help her get back home.

The victim became aware of the hijack only after a friend phoned her from Singapore to verify the story.  This was unfortunately too late for one other friend who had already wired $1000 to the scammers.

This type of phishing scam occurs all too often on free social networking services due to several combined factors. Continue reading Facebook Friends Lead to Big Money Scams»

Spam levels have risen by an astounding 141% since March, according to a new report just released. Botnets are largely responsible for the rise and the number of computers added to botnets has risen to 14 million, a 16% increase. Roughly 150,000 computers a day are infected by malware and added to botnets.

Not surprisingly, South Korea was hardest hit, reporting a 45% increase in botnet activity over last quarter. Most of that comes from the massive DDoS attack that hit the country earlier this month. The same attack also affected most government websites here in the U.S. as well as the New York Stock Exchange and many major business sites.

Continue reading Spam Volumes Shoot Up 141%»

Anyone who uses the internet whether for business or for leisure has had first hand experience with spam at some point in time.  Spam is a problem that plagues the internet and affects us all in some way.  Like most problems the spam problem is a very complex one.  There is no single source or cause of spam, which means there is no single solution to the problem.  In this post I’ll explain some of the sources and causes of the spam that we see every day.

Botnets and Zombies

Bots or zombies are typically home computers that have been infected with some type of virus or malware, which puts the computer under remote control by a malicious person.  A group of these computers is referred to as a botnet, and is used by a spammer to send out millions of emails containing spam, phishing scams, and computer viruses.

Examples of botnets include the Cutwail and Rustock botnets that are responsible for massive spam attacks around the world.

Because botnets are made up of computers located within ISP customer IP subnets they can often be blocked by using connection filtering to block any SMTP connections from those IP address ranges.  When this fails you have to rely on content filtering to detect the spam content within the messages.

Open Relays

An open relay is a poorly configured email server that allows anyone to relay messages through it to any other destination email address.  Modern email server software is not configured to permit open relay by default, it usually takes human error to cause a server to be configured this way, and there are few genuine reasons to run an open relay especially not one that is open to the internet where it can be abused by spammers. Continue reading 7 Major Sources of Spam on the Internet»

The first electronic spam that many businesses ever encountered came via email.  Before that spam was only in the form of “junk mail” delivered by post or received by fax.  Although a minor annoyance most pre-electronic spam was fairly harmless.  Rarely was a piece of junk mail intended to be malicious or an outright scam (beyond a normal degree of outlandish marketing hype anyway).

As email became a crucial business tool the spam problem rose rapidly to become the major problem it is today.  Regular research is released that puts spam at over 90% of global email traffic.  Despite this not every business takes it seriously enough to actually do something about preventing it.  Those that do will implement a quality anti-spam solution for their email and continue about their business hopeful that it will protect them from those on the internet with malicious intent.

However as the web evolves new spam threats have emerged that also need to be considered by businesses.

Email Spam

Email spam is a continually shifting landscape of new threats as spammers develop new techniques.  For example, spammers have gone from putting spam content in emails, to putting it in file attachments, to putting it in password-protected file attachments, to putting it in image files, to putting it on web pages that they link to, each technique intended to keep them a step ahead of anti-spam vendors and the protective measures built in to their products.

Continue reading Dealing With New Spam Threats to Business»

I use a few of the more popular social networking tools on the web these days to connect with friends, colleagues, and interesting people.  This week I had an experience that, while harmless to me, made me consider some of the risks of social networking to an organisation and their possibly less savvy end users.

The experience started with a typical “friend” request sent to me by a stranger.  When I have the time I always go through these requests and check to see if any of them are worth accepting and making a new connection.  This particular request showed some immediate signs of being spam-like, but with a few minutes free I decided to explore it a little anyway.

The friend request came from a user with typical spam signals, including:

• Attractive female profile picture
• Regular posts with links to product pages but little genuine interaction evident
• A link to a main site with a domain name intended to draw the “get rich quick, easy money secrets” internet user

Following a few links I was presented with the typical “internet marketing” sales page, complete with big promises, glowing testimonials, vague references to “secrets” and “proven systems”, and a massively over-priced product with a limited time offer of a dramatic discount if you buy right now!

So what does this have to do with protecting businesses from spam?  Two things. Continue reading Social Networking as a Spam Vector»