Security pros grumble over spam increase

You can ask users to tag spam, but usually they are too busy or inexperienced to do that. James Brady, senior email administratorCedars-Sinai Medical Center

"Our users have noticed a difference in the amount of spam – and they've been complaining," said James Brady, senior email administrator at Los Angeles-based Cedars-Sinai Medical Center.

Cedars-Sinai is among the enterprises trying to stop spam before it reaches the network.

"You can ask users to tag spam, but usually they are too busy or inexperienced to do that," Brady said. "We routinely get 5 GB of spam each day ... The more we can avoid dealing with that, the better."

Between May and the end of 2006, the absolute volume of spam has increased by about 100%, said Michael Osterman, president of Black Diamond, Wash.-based Osterman Research. In fact, some estimates suggest that up to 85% of all email is spam.

"Today, viruses recruit innocent machines into zombie botnets that wake up occasionally to send spam, then hibernate again before they can be shut down," said Eric Ogren, a security analyst at Milford, Mass.-based Enterprise Strategy Group. In addition, IM spam – sending bogus messages to instant messaging accounts – is becoming more common, Ogren said.

The format of spam is also changing.

"Image-based spam contains a GIF file with little text, so it doesn't trigger some filters," said Osterman. This new spam can be twice the size of regular emails. Plus, even if filters can recognize graphics content, spammers can alter the image slightly – by cutting it into pieces or adding tiny variations – to elude detection.

Spammers aren't satisfied with distributing Nigerian scam letters or soliciting Viagra customers anymore.

More on spam: Can simple antispam filters solve the image spam problem? Will using whitelists and blacklists effectively stop spam? Spam levels surge to unprecedented levels Thwarting spam from the inside and the outside Enterprise-level spam filters

"Identity theft, phishing, and stock scams are among the goals of the latest spam attacks," said Ross Fubini, senior director of engineering at Symantec.

Dealing with current spam threats requires new strategies, Fubini said.

"Our algorithms decide whether certain sources have a "bad reputation," which we communicate to our customers," Fubini said. Customers can then block spam from these sources. Enterprises must also monitor sources that target them specifically; such scrutiny benefits the enterprise directly, he said.

"Blocking spam on the periphery is ideal," Fubini said. Otherwise, enterprise systems waste storage space, processing cycles, and archiving capacity just to handle spam – all of which cost money, he said.

Enterprises must also evolve strategies for dealing with IM spam, called spim, Fubini said. This is especially true for enterprises that use IM for official purposes, but the widespread use of non-business IM by employees makes it necessary for all enterprises, he said.

Security software must span all major IM providers on the enterprise level, yet remain transparent to the user, he said.

An ongoing trend is to unify multiple forms of protection in a single product. For example, security software to reduce email spam might include features to block IM spam.

The irony of the spam problem is that – if everything works right – users never notice anything, and may actually wonder what the care and expense to block spam is all about.

"It's just like: you may wonder what you pay police for, until your house is robbed," Fubini said.