Year of the Spam
The past year has forced us to take a new look at the problem of spam. Spam has turned from an irritating side effect into a large-scale threat to e-mail. The results of many surveys show that average users whose work is not related to the Internet or IT may substantially reduce their volume of electronic correspondence or even refuse to use e-mail altogether in order to avoid spam.
At the beginning of the year, the growth in the amount of spam surpassed all forecasts made at the end of last year, even the most pessimistic ones. According to analysts estimates, spam made up 30-40% of the total volume of e-mail in the world at the end of 2002; in summer 2003, spam’s share had already exceeded the 50% mark. By the end of 2003, spam made up between 55-70% of all incomoing correspondence worldwide.
The damage from spam is at first glance insignificant for individual users, but for the world market and even for single major companies, it looks rather impressive. Various sources estimate that an average company loses from $50-200 a year on spam per member of staff. As a result, within this year the constantly increasing damage from spam reached the same level as the losses caused by viruses and hackers. A conservative estimate for the damage worldwide is close to $10 billion. It should be noted that only a few hundred people (the majority of whom live and work in the US) put out 80-90% of junk mail.
The explosive growth of spam in 2003 lead all major ISPs and most corporations to implement mail filtering techniques. Hotmail, Yahoo and MSN have all installed antispam solutions to protect their clients and their reputations. They have also encouraged users to create whitelists of safe senders to ensure that the mail they need is not filtered by the antispam product.Botnets
During 2003, spamming technology substantially developed, adapting to new conditions. The bulk of spam is no longer dispersed directly, but with the help of networks built of end user machines captured by spammers.
Spammers now first mass-mail Trojans, which infect end user user-end machines and serve as spam launchpads. Thousands of infected computers participate in the dispatches; while the unsupecting owners continue to surf the internet. the users of which may not even suspect so. This has led to a sharp upsurge in spam sources and a drop in the effectiveness of RBL black lists. A black market for infected user addresses was born this year.
Blacklists becoming obsolete
Blacklists depended on filtering by IP addresses, which was rnedered almost 100% ineffective by botnets and dynamic IP addresses. Using blacklists only leads to unacceptable false postive rates. Incidents, such as the Osirusoft, have undermined the value and the reputaion of blacklists. Osirusoft ended up blacklisting the whole world after is was the victims of a DDoS attack. Email suers worldwide lost 2 days worth of correspondence as email servers used Osirusoft blacklists to filter spam.
New Spammer techniques
2003 saw a continuation of the battle between spammers and users worldwide who don’t want spam.
Some new methods to deceive spam filters developed in 2003 include: mixing encodings (latin with Japanese, for instance), replace tet with graphics or dynamic text
Spammers have been searching for an adequate response and are beginning to use the dirty text method to deceive filters based on message content analysis. Most frequently this means substituting latin characters for cyrillic, replacing text with graphics, or dynamically changing the message contents (within one batch of e-mails).
On the one hand, this has lead to an increase in the cost of spamming; under such conditions only well equiped spammer outfits can carrying on a successful business. The spammer business is growing stronger; its clientele base is broadening as more and more small and medium businesses turn to spam to increase revenues.
On the other hand, lingusitc filtration methods developed in 2003 are able to ignore message header information and focus on the body instead. Most antispam solutions learned to search message content for text strings characteristic of junk mail.
The subject matter of spamming has changed: in places where antispam laws have been adopted, the number of offers for goods and services from small businesses has begun to fall, freeing up the field for scams and pornography.
Spam dispatches have gradually become not only a rude but an illegal activity as well. In 2003, the legislative bodies of the leading countries of the world acknowledged the danger of spam. The European Union, Australia, and the USA all passed antispam measures. For example, in the US, as a result of the endeavors of an antispam coalition (whose members include America Online, EarthLink, Microsoft, and Yahoo!) a suit was filed against hundreds of spammers. Some are being threatened with a prison sentence of up to five years.
In Russia, the leading Internet and IT companies formed the National Antispam Coalition, one of the main activities of which is campaigning for amendments to legislation (the Law on Advertising, the Administrative Rights Violations Code, etc.) in the State Duma. In September the First National Conference The Spam: The Problem and Solutions was held in Russia.
Our forecast for 2004 is, unfortunately, discomforting. 2004 will be the year spam peaks. We assume that the amount of spam in users‘ mailboxes will reach its peak in spring or summer 2004 and will make up 60-70% of all incoming mail. Spam will be extraordinarily technically refined; in addition, the mobile spam era will begin (SMS-spam).
However, by the end of 2004, one effective spam filter or another will be installed in practically all mass services and major companies. What is more, in the first half of 2004, the first successful trials against spammers will being coming to a close in the US and in Western Europe, and by fall 2004, national laws against spam will be passed in Russia and in Eastern Europe.
As a result of these measures, the torrent of spam should begin to recede and noticeably decrease in 2005.