Security Blog Log: Sailing a sea of spam

This week, bloggers struggle to purge their bloated inboxes. Their experiences lend weight to recent studies showing a breathtaking spike in spam.


When security vendors release reports showing a certain threat on the rise, IT professionals tend to read them with some skepticism. After all, the vendor is ultimately looking to sell them a product that will supposedly deal with the threat at hand.

But when companies like Postini Inc. and Sophos release reports showing a breathtaking surge in spam, people are less inclined to dismiss the findings. It's hard to do so when your own email inbox is bloated with the stuff.

Postini watched spam levels spike by nearly 60% in the last eight weeks, with spam now accounting for 91% of the email it screens. Over the past 12 months, the company said, the daily volume of spam rose by 120%. Sophos has also observed a huge increase in unwanted emails, and both firms agree botnets are largely responsible for the surge.

There's plenty of chatter about spam in the blogosphere these days to boost the credibility of such reports.

About Security Blog Log:
Senior News Writer Bill Brenner peruses security blogs each day to see what's got the information security community buzzing. In this column he lists the weekly highlights. If you'd like to comment on the column or bring new security blogs to his attention, contact him at [email protected].


Ed Bott, a Windows expert who has written a number of books about the operating system, used his blog to chronicle his own struggles with spam.

"I've been noticing a lot more spam getting through my server-side filters and also passing through my client-side filters lately," Bott wrote, pointing to additional research from Symantec Corp. and Total Quality Management as proof that the uptick isn't a product of his imagination.

Bott linked to a chart from Total Quality Management that shows a surge in spam starting around June 11. He then suggested the surge was the result of attacks exploiting a Word flaw Microsoft patched in its MS06-027 bulletin in June.

Blogger Kaye Vivian's inbox has also been deluged with spam. Vivian looked over the return addresses and concluded it's coming from the computers of friends who don't realize their machines have been hijacked.

"My spam level is up to about 60 per day that get through my ISP, which blocks about twice that many more, and that doesn't include the 50-60 spams I get on the blog here and manually delete," Vivian wrote. "I normally look at the return addresses on those spam emails (most of which have started using the "nofollow" command). What's been interesting to me is the number of spam messages that come from accounts I can recognize. Now I think I understand why -- my friends and colleagues have been hijacked into a botnet! Maybe I have, too!"

Colin Henderson, keeper of the Bankwatch blog, described how the spam onslaught has pretty much forced him to abandon one of his email accounts.

"Over the last two months in particular, I have noted an increase in spam -- both the volume being caught by Gmail … and in the numbers that are getting through," he wrote. "I have a Yahoo account, too, and Yahoo seems unable to catch any 519 Nigerian 'we want to transfer $14 million to you' scams, such that my Yahoo account is now unusable."

He noted that because of the botnets, spam is much tougher to identify and fight than it was a couple of years ago.

"Spam used to emanate from a spam server, so was relatively easy to identify," he wrote. "When spam emanates from a botnet, the bad guy could be your PC in your home. This makes identification much harder."

He concluded his entry with a story about a colleague who complained about another bank's employee who had supposedly spammed an enormous number of his bank's employees. In retrospect, Henderson said, the emails either came from "a really stupid employee" or a spam attack using the employee's name.

In his Freedom to Tinker blog, Ed Felten, professor of computer science and public affairs at Princeton University, said the computing community needs a better understanding of the bot threat before the latest spam onslaught can be brought under control.

"Though botnets are a major cause of Internet insecurity problems, few netizens know what they are or how they work," Felten wrote. "Some experts think we're losing the war against botnets. Yet there isn't much public discussion of the problem among non-experts. Why not?"

In an attempt to get that discussion going, his entry includes a detailed summary of what bots are and how they're being used.
