Spam becomes meatier
Some scumbag has been using my email address to send pharmaceutically and sexually related spams: such spoofing can happen to anyone and does, but having your email address in the public domain increases your chances of becoming a target. There isn’t really much you can do, apart from weather the storm of bounce and out-of-office messages. Setting up a temporary filter, based on keyword strings, will prevent you having to trawl through them manually. You shouldn’t have to worry about being added to any of the blacklist databases, assuming it’s just a spoofing attack and not something of greater concern like an open relay that’s been compromised by a spammer.
During this same month, I started receiving a deluge of emails that appeared to suggest I’d signed up to all sorts of online services, ranging from recruitment agencies to joke-a-day sites, including a bartender academy and the weird-sounding Web Players Association. Coming right on top of the spam spoofing, I became concerned that someone who doesn’t understand the mechanics and mentality of spamming had signed up to them all using my details, in some kind of “spam-rage” outburst. Thankfully, this isn’t the case – it’s actually the effect of a new outbreak of malicious spam just identified by the email content security provider Marshal.
The Marshal TRACE team that investigates such matters got in touch to tell me it had spotted a deluge of such emails flooding mailboxes across the country, part of an ongoing Storm Trojan epidemic. This malware first appeared in January and has been causing havoc ever since, those website membership emails being just one of its latest tactics. A single criminal network is believed to be employing the malware to infect more PCs and add to its botnet. It’s a worryingly effective strategy, because such is human nature that it’s almost a reflex, when asked nicely to verify your membership by clicking here, to do just that (even if you hadn’t joined in the first place). Curiosity, combined with the chance of getting something for nothing, is a powerful magnet. What you’re actually getting, however, is a trojan executable that compromises your computer and adds it to the botnet army.
The precise binary delivered changes twice every hour, and the gang has progressed from month-long spam campaigns to switching tactics on a weekly basis. They’re even devious enough to use numeric IP addresses for the links in the messages rather than URLs with readable domain names, because they know they’ll catch more people with such unrevealing addresses – perhaps our message about looking before you click is starting to get through after all, albeit faintly and dimly.
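The numeric-link trait described above is something a mail filter can test for directly. The following Python is an added example, not code from Marshal or from the original column; the function names and the two sample messages (which use reserved documentation addresses) are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def host_is_ip(host):
    """True if a URL host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)  # dotted IPv4 or IPv6
        return True
    except ValueError:
        pass
    # Browsers also accept one decimal or hex integer as an IPv4 host.
    m = re.fullmatch(r"(0x[0-9a-f]+)|(\d+)", host, re.IGNORECASE)
    if m:
        return (int(host, 16) if m.group(1) else int(host)) < 2**32
    return False

def ip_literal_links(raw_message):
    """Return the links in a message's text parts whose host is an IP literal."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            url = url.rstrip(".,;)")  # drop sentence punctuation after the link
            try:
                host = urlsplit(url).hostname or ""
            except ValueError:
                continue  # malformed URL, nothing to classify
            if host_is_ip(host) and url not in hits:
                hits.append(url)
    return hits

# Constructed sample messages, not captured from a real campaign.
SAMPLE_SUSPECT = ("Subject: Please confirm your membership\n"
                  "Content-Type: text/plain; charset=utf-8\n\n"
                  "Welcome! Verify your account here: http://192.0.2.45/confirm.\n")
SAMPLE_BENIGN = ("Subject: Newsletter\n"
                 "Content-Type: text/plain; charset=utf-8\n\n"
                 "Read more at https://www.example.com/news today.\n")

if __name__ == "__main__":
    print(ip_literal_links(SAMPLE_SUSPECT))
    print(ip_literal_links(SAMPLE_BENIGN))
```

A hit is a reason to quarantine or score a message, not proof of malice, since some legitimate internal systems also link by IP address.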
The good news is that, despite this Storm swarm, overall there are indications that spam in general shows signs of becoming a spent force. These Spam 2.0 twists that we’ve witnessed over the last couple of months would seem to be proof of the increasing desperation of the average spamming outfit. At the start of this year, plain image spams were all but impossible to deal with and threatened to drown mailboxes around the globe, but that problem has now practically vanished as antispam vendors hone their detection techniques and filter it all away into limbo. Spammers then turned to PDF attachments as their saviour, then Microsoft Excel attachments – both designed to fool content-analysing antispam programs – but both failed to achieve the level of penetration required. How do I know this? Because both slowed to a trickle after less than a month of activity: if either had worked well, we’d be inundated by them by now. Since we’re not, the only explanation can be that the spam gangs aren’t seeing any profit. Spamming at this level is big business, and these people aren’t stupid with regard to ROI (return on investment) or lack of it. Graham Cluley, from corporate security vendor Sophos, tells me that at the start of August, PDF spam accounted for about 30% of all the spam they saw, but by the end of the month it had dropped to less than 1%.