Recently, a reader of TGVT expressed confusion when their Internet Service Provider (ISP) “interrogated” them about using their computer to attack various websites, despite not having done so at all! The culprit may be spam, which is starting to target online journals, instant messaging, and mobile phones.
Peter Shinbach, a PR employee at a company in the United States, had to “shut down” his online journal (blog) Bach Door due to a surge of spam in the form of comments that were solely about gambling and pharmaceutical advertisements. Ironically, while his blog received more and more spam, his email inbox saw a reduction in spam—thanks to software and filters from his ISP that can block about 95% of unwanted emails.
Shinbach is one of the first victims of spam targeting blogs, instant messaging, and mobile text messages. Meanwhile, the amount of spam in the form of emails continues to rise but no longer at the double-digit rates seen last year. Many ISPs and email service providers report that they have blocked over 90% of unsolicited commercial emails.
According to an expert from the market research firm Ferris Research, current anti-spam utilities are quite effective. In contrast, other forms of spam dissemination are still in the budding stages of development. An expert from the security company CipherTrust stated that regardless of the messaging method users employ, spammers are present in that space.
Comment spam is one of the new forms, and another variant known as splog (short for spam blog), which is created solely for advertising purposes.
Spammers often create dozens, even hundreds of splogs that link back to their website, thereby helping to boost the ranking of that site in Google’s and other search engines’ access rankings. Another type of splog lures web surfers to click on an advertisement that links to websites paying for the splog.
A spokesperson for Technorati, a blog service website, predicts that between 10% to 15% of the approximately 70,000 blogs created daily are splogs, and this number will continue to rise in 2006. These “suspicious” blogs have become a nightmare for companies like Google, Microsoft, and Yahoo, as well as those offering free blog services. Many companies are trying to develop splog detection software, similar to standard spam detection programs.
Blog users encountering spam issues can seek assistance from websites like Splogspot and Splog Reporter, which can collect information based on content to help network administrators filter necessary content.
SPAM – NO ONE IS SPARED
Spammers are also experimenting with attacks on instant messaging (IM) and mobile messaging. An expert predicts that around 10% of IM messages are spam, and IM spam will be ubiquitous in the future due to interlinked online IM networks (Microsoft and Yahoo have announced plans to allow their users to “connect” with one another). Moreover, the growth of IM services through mobile phones will make this a lucrative target for spammers and also present “vulnerabilities” that allow viruses to spread through spam.
Text spam on mobile phones is also on the rise. In fact, there has been at least one case of spam messaging that went to court: in February, a U.S. federal court responded to a request from Verizon Wireless to prohibit the Florida travel agency Passport Holidays from sending unsolicited messages to Verizon customers. Furthermore, Passport Holidays agreed to pay $10,000 to Verizon Wireless. The lawsuit accused Passport of sending 98,000 unsolicited messages to Verizon customers encouraging them to call a toll-free number to register for a trip.
An expert from Cingular indicated that service providers are not solely relying on the law to tackle these issues, and the company is employing filters and other tools to prevent spam.
Cingular also allows its customers to “lock” incoming messages during specific times of the day and “block” all messages sent via email.
Wireless service providers claim that customers will never see spam messages because their spam filtering software has blocked most of them. Verizon Wireless is working closely with ISPs to find the best methods for combating spam.
As ISPs become more adept at filtering email spam, this type of spam has become “more aggressive.” According to the owner of the email advertising company New-Approach (Israel), filters have made it more difficult to disseminate spam, forcing spammers to break the law to achieve their desired results.
THE NEVER-ENDING BATTLE
However, for spam to bypass filters (for example, by masquerading as personal emails to send promotional information), it violates the CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing) established in 2003. As a result, many spammers conceal their identities by using “zombie” computers (also known as spam zombies) to send spam.
In 2005, more than half of the 15,000 complaints sent to the ICCC each month were related to phishing emails. These emails often mimic communications from a bank or financial organization to trick users into providing personal information (such as names and account numbers) and then attack that account.
A new variant of phishing is called “spear phishing,” which involves fraudulent messages appearing under the name of an individual, company, or organization related to the recipient. The idea here is that these types of spam are easier to ensnare users since they are more likely to respond to such emails than to an email from eBay requesting them to update their information.
Thus, the battle against spam remains a long saga: as soon as advanced tools hit the front lines, new devious methods open up another front.
MONEY IS NO LONGER EASY TO EARN |
| Mike, a professional spammer who is not well-known, revealed that sending spam is no longer as easy to make money as it used to be due to the effectiveness of current email filters. Moreover, being caught is a constant fear for spammers as the U.S. government tightens anti-spam laws. As a result, Mike is trying to change his approach: currently, he earns about $500 a week by selling lists of IP addresses from “zombie” computers to advertising companies for spam distribution. Although this method generates less income than direct spamming, Mike believes it reduces the risk of getting caught. PC World USA managed to contact Mike through a website where spammers often meet and share experiences. He agreed to be interviewed by PC World USA on the condition that his real name would be kept confidential. Do you think what you are doing is wrong? Why don’t you operate legally? The CAN-SPAM Act allows you to do that. Are the anti-spam laws and filters proving successful? Why do you still engage in the spam business, even though it is increasingly dangerous and less profitable? What do you see as the future of spamming? You are witnessing changes in anti-spam efforts; what are your thoughts? Will spam ever disappear? |
