If the experience of John R Levine, president of consulting firm Taughannock Networks and co-chair of the Internet Research Task Force’s Anti-Spam Research Group, is anything to go by, the spam problem just got twice as bad. “You may have read reports that the total amount of spam is on the decline. Don't believe them. In the month of October, I saw the amount of spam in my traps here roughly double, from about 50,000 per day to 100,000 per day now,” writes Levine on the Taughannock Networks website. “In conversations with managers at both ISPs and corporate networks, I'm hearing the same thing. One corporate network has gone from about 12 million spam rejects a month in June and July to 28 million in October. The very large mail systems don't publish their numbers, but they tell me informally they're seeing the same thing.”

Levine says that no-one seems to know why the increase is taking place, but offers the thought that perhaps there’s a new generation of zombies, so numerous that price has dropped and spammers can buy twice as many of them.

Zombies are indeed the main generators of unsolicited e-mails according to IT security firm Sophos which has just published a ‘dirty dozen’ chart of spamming countries for the July to September period (these are, with respective percentages: USA 21.6%; China (including Hong Kong) 13.4%; France 6.3%; South Korea 6.3%; Spain 5.8%; Poland 4.8%; Brazil 4.7%; Italy 4.3%; Germany 3.0%; Taiwan 2.0%; Israel 1.8%; and Japan 1.7%).

“Most unsolicited emails are now sent from zombie PCs - computers infected with Trojans, worms and viruses that turn them into spam-spewing bots. In the past hackers were very reliant on operating system vulnerabilities to convert an innocent computer into a zombie - now they are turning back to malware to trick users into running their malicious code, and opening the backdoor to hackers,” according to Carole Theriault, senior security consultant at Sophos. “Hundreds of new versions of the Stratio worm have helped steadily increase the volume of spam seen travelling across the net.”

Sophos reckons spammers now rely more on images to bypass filters in ‘pump-and-dump’ scams. It says that the use of spam containing embedded images continued to rise in Q3 and currently accounts for nearly 40% of all spam, the vast majority being used by pump-and-dump stock spam campaigns. This trick gives spammers a better chance of having their messages read, since images can avoid detection by those anti-spam filters that can only analyse textual content. Often, image spam is animated to further help the message bypass the filter. Having multiple layers of images loaded on top of each other adds ‘noise’, which complicates the message by making every one unique.

In other name (but probably failing to shame) spam research, spam tracking organisation The Spamhaus Project says that up to 80% of spam targeted at Internet users in North America and Europe is generated by a hard-core group of around 200 known professional spam gangs. The  names, aliases and operations of these are documented in the Spamhaus’ Register Of Known Spam Operations (ROKSO) database, and the current alleged top ten offenders can be found at: http://www.spamhaus.org/statistics/spammers.lasso
John Williamson