Spam Growing Upwards, Onwards

Spam continues to fluctuate and vary its social and technical delivery models, but there’s no question that the phenomenon of unwanted e-mail is going nowhere but straight to even more people’s in-boxes — no matter what we try to do about it.

ISPs shuttered, botnets be damned, malware and cyber-crime aside, the spam epidemic has proven to be the most resilient online scourge ever invented, and it plays a primary role in each of these other aforementioned problems.

Last month, spam continued to mature and flourish, as researchers saw many of the same blooms of technical approach (image spam) and social ploys (celebrity death) used in massive runs of new spam that have been heavily relied upon in the past.

With most experts agreeing that overall levels of spam are running at right around 90 percent of all e-mail messages sent today, one has to wonder how much money could be saved alone by merely wiping our collective infrastructure of all of the unsolicited content. But that won’t happen.

The avalanche of e-mail just keeps piling up. Spam accounted for 89 percent of all messages during July, according to experts with Symantec. Image spam, once the most commonly used technique to hide content from text filters, continued its resurgence as spammers re-employ the tactic, armed with an array of new methods for skirting perimeter controls — accounting for 17 percent of all spam.

Major news events such as the death of pop singer Michael Jackson led the way in terms of subject lines, as tapping into whatever news is hot appears to still be working for spammers despite it’s own aging status as a well-known breed of campaign. President Obama and the latest Harry Potter movie were among the other leading topics. Not too original.

Interestingly, as spam levels held steady, the oft-used health care products breed of spam dropped by 17 percent. The only rhyme or reason to all of this is the cat-and-mouse game that wages on between spammers and security vendors as they attempt to outmaneuver each other.

The only major shift appears to be that spammers continue to more effectively imitate the legitimate messages that people are hoping to find in their accounts, the researchers said.

“As security companies and the Internet community pay more attention to the reputation of Web sites and e-mail senders, spammers are not only hiding behind well-established and reputable brands, but they are also using a mixture of spam and legitimate tactics to try and evade antispam filtering to ensure the delivery of their message,” the experts said in their monthly spam report. “Using subject lines often observed in legitimate messages is one tactic that spammers continue to use; the top Image spam subject lines [also] included common phrases that would often be observed in legitimate mail.”

The news is that spam has no reason to change its image, which really isn’t any news at all.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.