Unstoppable spammers get serious

by: Andy Riga – Canwest News Service

MONTREAL – Angered by the flood of in-your face spam about penis-enlarger pills, sexy teenage roommates, get rich schemes and amazing diets? Well, it gets worse.

Now, spammers can use viruses to secretly hijack your computer, then surreptitiously tap into your Internet connection to deluge others' inboxes with junk e-mail that appears to be coming from you.

And the recent SoBig virus shows spammers, in league with hackers writing viruses, can now do it on a huge scale.

SoBig, which struck tens of thousands of personal computers, could allow a spammer to quietly use any infected PC as a free host, hiding their tracks and shielding them from repercussions, security experts say.

It’s unclear whether SoBig is being used for widespread spam distribution, but some fear it’s the first step in a diabolical plan to create a free, powerful, global spam-blitzing network.

Meanwhile, the cat-and-mouse game between spammers and anti-spam forces is intensifying, as the ne’er-do-wells responsible for clogging e-mail inboxes find new ways to bypass spam blocking technology.

The technique used by SoBig “is the biggest and most pernicious thing happening in the spam world,” said Montrealer Neil Schwartzman, Canada’s leading crusader against spam.

“Basically, all a spammer needs to do is hire themselves some unemployed computer guys, and god knows there’s enough of them around,” added Schwartzman, who publishes spam-NEWS, a daily spam newsletter, and is chair of a national group pressing for a federal anti-spam law.

The SoBig virus, spread when users click on an innocuous-looking e-mail attachment, is one of the first cases where a virus has apparently been created for a financial gain, said Jack Sebbag, manager of Canadian operations for security-software maker Network Associations Inc.

“Before, it was 13-year old kids who couldn’t get a date and were holed up in their rooms creating viruses,” said Sebbag, whose U.S.-based company sells McAfee-brand anti-virus and anti-spam software.

“Now, you’ve got people with financial gain at stake. There’s a new reason for these guys to write malicious [programs] and do more damage.”

It costs little to send out millions of messages and an estimated one to two per cent of recipients buy goods advertised in them, making for a tidy profit for those involved.

Other spam-borne threats loom. Malicious programmers could embed spam with nasty bits of software, such as trojan horses and worms, two types of viruses that can damage a computer or compromise its security.

Sebbag says his company’s technology can stop about 95 per cent of spam from reaching an inbox. But spammers scoff at such claims.

Ronald Scelson, known as Cajun Spammer, says he sends 180 million spam e-mails every 12 hours.

Scelson told a recent U.S. Senate hearing it took him just 24 hours to bypass new technology touted by Brightmail, an anti-spam industry leader that filters 11 per cent of the world’s e-mail, including that of Canada's biggest Internet service provider, Bell Sympatico.

To bypass specific spam blockers, spammers get accounts at an Internet service provider (ISP) that uses the technology and experiments with techniques by sending themselves spam tests until one gets through.

Spam-fighting technology is a big business worth about $653 million US this year, says market researcher Radicati Group.

Some companies unwilling to invest in advanced technology simply look for certain words or phrases common in spam – such as Viagra. But all a spammer has to do is replace one of the letters in a word – to Vlaga, for example - to fool the system.

In some cases, they avoid using text altogether, instead embedding messages in digital photographs. Some such messages are created so that those who click immediately send their e-mail addresses to the spammer.

Spammers can also hide offensive content and make e-mails look legitimate by embedding messages using HTML, the programming language used to create pages on the web.

HTML allows them to use the digital equivalent of invisible ink. For example, the e-mail might contain a short visible spam message for the recipient, along with white text on a white background. The text, which the recipient doesn’t see, might be a random paragraph of words that convince anti-spam software the e-mail is legitimate.

Many anti-spam programs use “heuristic filters” to stop spam, a technique that involves filtering through e-mails looking for patterns used by spammers.

But an inevitable problem with all of the technologies is that legitimate e-mail can get thrown out with the bad.

Schwartzman, who has been involved in the fight against spam since 1996, doesn’t buy most anti-spam technology claims. Five different technologies are installed on his computer to block spam and he is still buried in the stuff.

The lobby group he heads, the Canadian Coalition Against Unsolicited Commercial E-Mail, is urging Ottawa to make spam illegal and to grant spam victims the right to sue spammers.

“We’re close to the tipping point for the usability of e-mail,” Schwartzman said. “At some point or other we all reach that level of tolerance where the vexation that’s involved in using e-mail far outweighs any possible benefits."

Website Link: http://

News Headlines

Archived News Items

No news items available at this time. Please check back soon.