The summer of spam: record growth, record irritation

There is 17% more spam heading for in-boxes today than there was yesterday, and spam watchers say it could get even worse before the summer is over.

Reports from security vendors that trap unwanted messages in their spam filters are bordering on the hysterical as new data emerges daily regarding just how bad the spam epidemic has become. PDF spam, the latest trick, is leading the charge and destined to become this year’s version of image spam that fooled filters and clogged inboxes for a good part of 2006.

As the spam barrage continues and spammers come up with one new trick after the next, some question whether scanning an e-mail message’s content is still an effective way of detecting unwanted messages.

“The growth (and now peak) of image-based spam is just another outgrowth of the ever-changing spammer dynamic. We have seen some PDF-based spam, and I expect it to grow more. However, it simply represents another 'tool in the arsenal' for the typical spammer,” says David Salbego], Unix and operations manager of computing and information systems with Argonne National Laboratory, a division of the Department of Energy (DOE) operated out of the University of Chicago. “Ultimately, filtering spam at the content level will become less and less effective. A better way to control spam, in my opinion, is by considering the source of the message -- the IP address of the mail server attempting to deliver the message.”

Indeed, most messaging security vendors now employ a number of techniques to catch spam, including relying on reputation services, which assign a score to sending IP addresses based on that address’s past behavior. But no combination of techniques is foolproof, and every time spammers try out a new trick e-mail users suffer until the vendors catch on to the trick and find a way to block those messages.

For example, after a few years of spam volumes on the decline, e-mail users were hit with a sharp rise in spam last fall, when spammers figured out that by embedding text inside an image file they could fool content filters. At the same time there was a significant rise in spammers’ use of botnets, armies of PCs taken over by malware and turned into spam servers without their owners realizing it. That can confuse reputation services, because IP addresses that previously had clean reputations suddenly start sending out thousands of messages at once. Those tricks combined accounted for as much as an 80% rise in spam levels last October, according to spam watchers.

Now, as antispam filters have been updated to catch image spam, spammers have moved on.

According to Secure Computing, which reported the 17% jump in spam levels today over yesterday, spam currently accounts for 88% of all e-mail traffic and PDF spam makes up 11% of that figure. With current spam levels close to the all-time high of 90%, Secure Computing predicts that record will be matched or broken in the next 30 days, according to a company spokesperson.

Messaging security service provider Postini says it saw the biggest spam blast ever from Aug. 7 to 9. The blast, launched from a botnet, combined two popular spam tricks; attached to the e-mail message was a PDF file that many filters can’t read to determine whether the content is spam, and the attached file was a “pump and dump” scheme that promoted buying the stock of a company called Prime Time Group.