Spewers of spam harnessing new tools
by Alan Zisman (c) 2006
First published in Business in Vancouver November 14-20, 2006; issue 890
High Tech Office column
Been seeing any more spam lately? Last year, I noted that for many of
us, spam had more or less vanished – at least from our in-boxes.
There was still lots of spam being sent, but increasingly effective
filtering, both built into users’ e-mail software and at the
network and ISP levels, was keeping the bulk of it from reaching many
users.
Lately, though, I’m seeing spam in my in-box again.
I’m not alone.
Security software firm Sunbelt Software estimates that it’s filtering
three times as much spam as six
months ago. With such a big increase in the number of junk mail
messages, it’s perhaps not a surprise that more of it is leaking
through the various levels of filters. Moreover, recent spam, primarily
for pharmaceutical products or touting stocks, combines random text with
images. This makes it harder to filter.
Along with a change in the amount and content of spam, there’s
been a change in where the unwanted messages are coming from.
In the past, spam was sent from a relatively small number of servers.
It was possible to blacklist those servers, eliminating them as a
source of messages. Increasingly today, however, spam messages are
coming from ever-changing networks of infected home and business
Windows PCs, referred to as botnets.
David Hart, administrator of spam black-lister Total Quality Management,
has noted that his company has seen the
number of Internet addresses sending spam triple since June.
Security company McAfee’s Avert Labs estimates that over 70 per cent of
the current crop of spam is coming from botnets.
These networks of infected computers don’t just send spam.
They’re rented out to install adware on infected systems, to
combine for denial-of-service attacks on online companies, to
distribute phishing e-mails and to fraudulently click online ads to
boost payments.
Last May, anti-spam company Blue Security was forced out of business
after a concerted series of attacks blocked its ability to operate online.
Microsoft began including its Malicious Software Removal Tool in its
Windows Updates
downloads in January 2005. Since then, MSRT has removed one or more
infections from more than 5.7 million Windows systems, with bot-related
Trojans accounting for 62 per cent of these infections.
Trend Micro estimates that at least five per cent of all the computers
connected to the Internet have been used in botnets.
What’s to be done?
Security companies are starting to respond with products such as Trend
Micro’s InterCloud Security Service and McAfee’s
IntruShield, both aimed at ISPs and university and corporate networks.
Individual users should take the usual security steps:
- keep on top of Windows patches
- use a firewall, preferably one that monitors outgoing Internet connections (unlike the built-in Windows XP firewall) and
- try to actually read those firewall messages; don’t just click OK to everything.
Up-to-date antivirus and anti-spyware software is vital. McAfee’s
free SiteAdvisor is a useful add-on for Internet Explorer and Firefox
that warns of potentially dangerous websites (www.siteadvisor.com).
Or, seeing how those millions of hijacked computers are all running
Windows, maybe it’s time to seriously consider an alternative.
Really.