More Malware, More SPAM
According to some reports, spyware is getting harder and harder to control. The sophistication of the malware makers is growing at a much faster pace than that of the security industry, even to the point of proof-of-concept adware code being developed for MacOS X.
And with all this new malware comes a tremendous increase in SPAM over the past few months. Not only are more compromised systems being used to push the SPAM, but they are employing additional tricks to get past SPAM and content filters. We are at a point where for the next few months, the security firms have a bit of catching up to do in order to stabilize the situation again.
Here is a key quote from the third article:
With a botnet of this size, the group is theoretically capable of sending a billion spam e-mails in a single day. "This number assumes one recipient per message, [but] in reality, most spams are delivered in a single message with multiple recipients at the same domain, so the actual number of separate spams landing in different inboxes could be even higher," Stewart said.
According to data from Barracuda Networks, an enterprise security appliance vendor in Mountain View, California, there has been a 67 percent increase in overall spam volume and a 500 percent increase in image spam since Aug. 2006
The email security firm Postini also reported major SPAM increases, indicating that in October 2006, they blocked for about seventy-seven (77) messages for the average user subscribed to their services, compared with a delivery of seven (7) good messages.
It is vital that we continue to encourage users to embrace safe computing practices that will reduce the number of compromised systems in the wild, and ultimately lower our risk of attacks from these botnets and compromised systems. Additionally, we should look to develop computing environments that are more resilient to these types of attacks, and can provide us with better notification when things are not configured as they should be. We need security baked into the infrastructure, not loosely taped on afterwards.
It is very important for everyone to remember that this issue is not primarily a technical one, but a social one. This issue of SPAM is not going to go away tomorrow, unfortunately, and it won't get any better until end-users (to say nothing of corporate executives) care more about security as an ongoing process, rather than only being concerned after a major incident. And stop buying all that junk in the SPAM ads! If no-one was buying it, they would stop trying to sell it that way.
The quest for Information Security is ever-ongoing, and in this battle against SPAM and malware, there will be ebbs and flows as the attackers change/improve their tactics and the defenders make the necessary adjustments to provide effective countermeasures. The more vigilant we are, the better our success will be. And we must begin today.