Anyone that has had email for more than a day has heard of spam. It seems to come from nowhere and arrive in our mailboxes from people we’ve never met. It is completely indiscriminant in whom it targets; it crosses all socio-economic boundaries, and yet, we can’t get rid of it. The government has outlawed it, prosecuted offenders for it, and yet, it seems to be growing at an alarming rate.
There is a lot of debate about exactly what spammers get out of sending spam. One of the more recent spam/scams had to do with Insider Trading. The spam message advised the victim that if they hurried they could get in on the ground floor of these really cheap stocks that were on the rise. The real scam behind this scheme was that it was true. The stocks (many of them at least) were real, they were pretty inexpensive and they were about to shoot up in price. The spammers purchased these stocks collectively and then started their spam campaign to pump (called a “pump and dump”) as many innocent victims as they could to purchase these stocks – which, ironically many people did. Once these stocks reached the target level the spammers dumped the stock at the inflated share rates sending the share values through the floor instantly.
I am often asked where all of this spam comes from. The answer is, in many cases, “botnet computers”. Botnet computers are computers that have become infected with Trojans, malware, spyware, and viruses – or any combination of these. These botnets are part of peer-to-peer type of networks and are highly advanced. The compromised computer is then programmed as an email server and sold off for its processing power and bandwidth capabilities. The early version of these botnets so consumed the resources of a computer that it was obvious to the user that it had become infected – today’s botnets use a more “throttled” approach making the infection almost unnoticed. The software on these botnets is modular and can be upgraded or reconfigured to take advantage of new vulnerabilities as they present themselves.
While it is true, many of us have become our own worst enemy in the fight against spam; there are still things that can be done to help. First of all, we can do the little things – purchase some good antivirus and put it on our computers. We can make sure that, if we are using a Windows operating system that we keep it up to date. Make sure that your service provider offers spam filtering on the server level – or if it is a work environment check with your systems administrator or IT department. There are tools on the server level that are free to use – products like Spamassassin, ClamAV, Amavis – all of these will help stop spam and virus-infected email from ever getting to your desktop. Another approach to fighting spam is “grey listing” – or any host of perimeter anti-spam appliances. Grey listing denies all email the first time and then writes the domain to a database when the sending server “resends” the email a second time; spammers generally do not resend email so this process eliminates the vast majority of spam email. The anti-spam appliance market is bursting at the seams these days (see link: http://www.spamhelp.org/appliances/) with various types of appliances, all geared to reducing spam.
Doug Finch
Directory of Technical Support
