[Infowarrior] - Spam is back, and worse than ever

[Richard Forno]

Spam is back, and worse than ever
Posted: Friday, January 19 at 05:00 am CT by Bob Sullivan
http://redtape.msnbc.com/2007/01/spam_is_back_an.html

If you feel like your inbox is suddenly overrun with spam again, you are
right.

Not long ago, there seemed hope that spam had passed its prime. Just last
December, the Federal Trade Commission published an optimistic state-of-spam
report, citing research indicating spam had leveled off or even dropped
during the previous year.

Instead, it now appears spammers had simply gone back to the drawing board.
There's more spam now than ever before.

In fact, there's twice as much spam now as opposed to this time last year.
And the messages themselves are causing more trouble. About half of all spam
sent now is "image spam," containing server-clogging pictures that are up to
10 times the size of traditional text spam. And most image spam is
stock-related, pump-and-dump scams which can harm investors who don't even
use e-mail. About one-third of all spam is stock spam now.

"Traditional methods have failed spammers, so they are resorting to more and
more sophisticated tactics," said Dave Mayer, a product manager at IronPort,
which makes anti-spam products.

The tactics are working. There are 62 billion spam messages sent every day,
IronPort says, up from 31 billion last year. Now, spam accounts for three of
every four e-mails sent, according to another anti-spam firm, MessageLabs.

Image spam is a big part of the resurgence of unwanted e-mail. By using
pictures instead of words in their messages, spammers are able to evade
filters designed to detect traditional text-based ads. New computer viruses
have contributed to the uptick, also, particularly a surprisingly prolific
Trojan horse program called "SpamThru" that turns home computers into
spam-churning "bots."

Some small organizations are having real trouble with the spam surge,
IronPort officials say. One county government office called the firm after
its mail server shut down. "(It) could not even slowly process mail," said
IronPort spokeswoman Suzanne Matick. "They ended up with no mail going to
their 7,500 users for seven days." She declined to identify the agency,
citing confidentiality agreements.

Of course, there wouldn't be this much spam if it didn't work.

Concentrated stock spamming has the ability to send share prices of penny
stocks soaring, said Graham Cluley, a consultant for computer security firm
Sophos.

"They absolutely storm up in value. And then there's the inevitable fall,"
he said.

Last summer, California-based Southern Cosmetics was forced to issue
warnings to investors after spam campaigns touting shares of the company.
During one such campaign, the firm¹s stock value rose from below 1 cent per
share to a high of 6.6 cents.

The Securities and Exchange Commission has prosecuted some spam
pump-and-dumpers, and on other occasions, has suspended trading in firms
after it spotted a spam campaign. But the agency can hardly keep up with
millions of stock spams each day.

Attempts to manipulate stock prices through e-mail are nothing new, said
John Reed Stark, chief of the Securities and Exchange Commission¹s Office of
Internet Enforcement. But despite the agency¹s ³hefty track record of
bringing cases² against spammers, the technique persists.

No clicks required
Stock spam is effective because no Web link is required, Cluley said. In
old-fashioned spam, criminals generally try to trick recipients into
clicking on a link and buying something. Many e-mail programs now block
direct Web links from e-mails, rendering click-dependent spam much less
effective. But stock messages merely have to make the recipient curious
enough about a company to motivate him or her to buy a few shares through a
broker.

There is another element that helps perpetuate stock spam, Stark said ­ he
believes speculators unrelated to the original spam sometimes try to ³play
the momentum² surrounding a spam campaign ­ either getting in early on a
pump-and-dump campaign to profit as shares rise, or by ³shorting² stocks,
betting that they will fall after the spam campaign flames out.

³There are all these people pushing the envelope in sometimes desperate ways
to try to make money,² Stark said.

Image spam, which seems not inseparable from stock spam, can arrive entirely
devoid of text, but that¹s not common. Most messages have what appears to be
nonsense text pasted above and below the image. Experts call this "word
salad," or "good word poisoning." Below this story, we've pasted some
examples of what we call "spam haiku." Here¹s one:

³I thought I was Train cars derail, catch fire in KentuckyMassive fireIdol
begins this week!²

'Word salad,' or not-so-random text
The word jumble is generally borrowed from news headlines or classic books
like Charles Dickens' ³David Copperfield,² the text of which are often
available online. The seemingly random text actually serves and important
purpose -- to foil or confuse word-based spam filtering. Many spam filters
determine the likelihood that a message is spam based on the individual
words in the body of the e-mail. The presence of obviously spamish words
like ³Viagra² or ³sexy² tilts filters to categorize a mail as spam and block
it or route it to a junk mail folder. But because normal conversational
words tend to persuade filters that a message is legitimate, spammers paste
in bits and pieces of text to fool the filters. There's debate about how
well that trick works, but there's no debate about how much word salad there
is ­ it¹s everywhere.

Spammers continually refine and combine their techniques, said Doug Bowers,
senior director of anti-abuse engineering at Symantec. The firm recently
found spam attached to legitimate newsletters that appear to be from big
companies, including a Viagra ad atop a 1-800-Flowers e-mail newsletter and
another on an NFL fantasy league letter. Such e-mails are simply spam
masquerading as authentic, with real content borrowed from legitimate
companies. They are similar to phishing e-mails, and so are much more likely
to be opened by recipients than traditional spam, Bower said.

"They craft an e-mail that looks like a newsletter, but change as little as
a single line and insert an image," Bower said. "As in phishing, they are
copying the look and feel of the legitimate e-mail."

One way companies are combating image spam is to turn off all images
arriving in inboxes. But that can be a draconian measure, as it will cut off
pictures of grandchildren, too.

'Never invest based on spam'
Consumers can sometimes spot image spam without opening the message, thanks
to hyped-up subject lines like this: ³MHII.OB Best terms and conditions for
your investments.²

Spotting spam before you open it is a plus -- sometimes spam messages
contain small images that report back to the sender as soon as a message is
opened, teaching the spammer that your e-mail address is valid. More spam is
sure to follow.

But in some cases there is no way to tell if a message is spam without
opening it. So for now, the best defense consumers have is their delete key
-- and a heavy helping of skepticism when investing based on anonymous tips.

The SEC¹s Stark puts it bluntly: ³Never invest based on spam.²

SOME SAMPLE ³SPAM HAIKU²

EXAMPLE 1:
This is directly from a Harry Potter book;
deep sleep. I found myself out in public, in the middle of the match,
and I saw, in front of me, a wand sticking out of a boys pocket. I had
not been allowed a wand since before Azkaban. I stole it. Winky didn¹t

EXAMPLE 2
Many others are just jibberish
Brother simon, simons wife maria garcia.
Known remarks has ties san jose california idaho. The charred remains woman!
Wife maria garcia who both been charged accessory.
People in elmore county the charred remains, woman her? Raul solario solorio
date.

EXAMPLE 3
This is truly word salad
Male build, medium race. Sons aged, four were found inside burned out
vehicle.
May have fled michoacan be traveling with his brother.
Out vehicle on august, each.
Dangerous if you, any concerning. Of ten most wanted fugitive, jorge,
alberto? Garcia who both been charged!
Most wanted fugitive jorge alberto.
Either head or chest considered armed extremely.

EXAMPLE 4:
Clearly compiled from various news sources
an extremely guiltyIdol begins this week! Train cars derail, catch fire in
KentuckyMassive fireNigeria clashes prompt Shell evacuationsgoing to be an
architect,

EXAMPLE 5:
Hard to say where this comes from
Christian saint video graphics chip amiga mato. Human if, an article link
led you.
Poetsaint christian saint video graphics chip amiga mato, grosso.
By randy ho singer! Human if an article, link led you.
Meanings etymology and see can refer toin.
Modified, december all text available under terms gnu. The free denisefrom
to navigation searchlook up in wiktionary. Saint video graphics chip, amiga
mato grosso, brazilthis.

EXAMPLE 6
This is a jumbled passage from Charles Dickens¹ ³David Copperfield²Confused
blind way, to recall how I had felt, and what sort of boy boys especially
the smaller ones were visited with similar a child, and the natural reliance
of a child upon superior years determination to do better tomorrow. Mr.
Creakle cuts a joke
was the same with the places at the desks and forms. It was the confused
blind way, to recall how I had felt, and what sort of boy boil. On seeing
the master enter, the old woman stopped with the was standing opposite,
staring so hard, and making me blush in


MAIN PAGE