When security vendors release reports showing a certain threat on
the rise, IT professionals tend to read them with some skepticism.
After all, the vendor is ultimately looking to sell them a product
that will supposedly deal with the threat at hand.
But when companies like Postini Inc. and Sophos release reports
showing a breathtaking surge in spam, people are less inclined to
dismiss the findings. It's hard to do so when your own email inbox
is bloated with the stuff.
Postini watched spam levels spike by nearly 60% in the last
eight weeks, with spam now accounting for 91% of the email it
screens. Over the past 12 months, the company said, the daily
volume of spam rose by 120%. Sophos has also observed a huge
increase in unwanted emails, and both firms agree
botnets are largely responsible for the surge.
There's plenty of chatter about spam in the blogosphere these
days to boost the credibility of such reports.
Ed Bott, a Windows expert who has written a number of books
about the operating system, used his blog to chronicle his own
struggles with spam.
"I've been noticing a lot more spam getting through my
server-side filters and also passing through my client-side filters
lately," Bott wrote, pointing to additional research from Symantec
Corp. and Total Quality Management as proof that the uptick isn't a
product of his imagination.
Bott linked to a chart from Total Quality
Management that shows a surge in spam starting around June 11. He
then suggested the surge was the result of attacks exploiting a
Word flaw Microsoft patched in its
MS06-027 bulletin in June.
Blogger Kaye Vivian's
inbox has also been deluged with spam. Vivian looked over the
return addresses and concluded it's coming from the computers of
friends who don't realize their machines have been hijacked.
"My spam level is up to about 60 per day that get through my
ISP, which blocks about twice that many more, and that doesn't
include the 50-60 spams I get on the blog here and manually
delete," Vivian wrote. "I normally look at the return addresses on
those spam emails (most of which have started using the "nofollow"
command). What's been interesting to me is the number of spam
messages that come from accounts I can recognize. Now I think I
understand why -- my friends and colleagues have been hijacked into
a botnet! Maybe I have, too!"
Colin Henderson, keeper of the
Bankwatch blog, described how the spam onslaught has pretty
much forced him to abandon one of his email accounts.
"Over the last two months in particular, I have noted an
increase in spam -- both the volume being caught by Gmail … and in
the numbers that are getting through," he wrote. "I have a Yahoo
account, too, and Yahoo seems unable to catch any 519 Nigerian 'we
want to transfer $14 million to you' scams, such that my Yahoo
account is now unusable."
He noted that because of the botnets, spam is much tougher to
identify and fight than it was a couple of years ago.
"Spam used to emanate from a spam server, so was relatively easy
to identify," he wrote. "When spam emanates from a botnet, the bad
guy could be your PC in your home. This makes identification much
harder."
He concluded his entry with a story about a colleague who
complained about another bank's employee who had supposedly spammed
an enormous number of his bank's employees. In retrospect,
Henderson said, the emails either came from "a really stupid
employee" or a spam attack using the employee's name.
In his Freedom to
Tinker blog, Ed Felten, professor of computer science and
public affairs at Princeton University, said the computing
community needs a better understanding of the bot threat before the
latest spam onslaught can be brought under control.
"Though botnets are a major cause of Internet insecurity
problems, few netizens know what they are or how they work," Felten
wrote. "Some experts think we're losing the war against botnets.
Yet there isn't much public discussion of the problem among
non-experts. Why not?"
In an attempt to get that discussion going, his entry includes a
detailed summary of what bots are and how they're being used.