Claims that computer users are losing the resurgent war against spam are flat out wrong, a Symantec executive said Friday.
"We're actually doing a better job of catching the newest type of spam," says Doug Bowers, the senior director of the Cupertino, Calif., security company's anti-abuse engineering group. "That's forcing spammers to use more and more obfuscating techniques."
Starting in October, a major surge in spam volume and a shift to a much greater use of image-based spam caught users and anti-spam vendors off guard. Dubbed "Spam 2.0" by some, the shift in spammer tactics has resulted in a doubling of junk mail volume in the last year and in some cases, inboxes flooded with image spam touting penny stocks and drugs. For its part, Symantec said it has tracked a 55% increase in the quantity of spam in the last six months.
"We see the same increase in the problem as others," says Bowers, "but [the anti-spam industry] is having some success. Sure, the nature of the game is changing, but that means that the way you defend has to change, too."
Although Bowers wasn't ready to say that current anti-spam efforts were winning the Spam 2.0 battle -- "That would be misleading," he says -- neither are users losing. In fact, the new tactics and upswing in volume can be read as desperation moves on the part of spammers to get their messages through defenses, if only by overloading anti-spam protections.
And Bowers is convinced that some of the new spammer tactics will boomerang.
"Their [image-based] messages are getting harder and harder to read," he says, citing the use of difficult-to-make-out fonts and cluttered backgrounds, two techniques spammers now rely on to defeat image spam detectors. "This is something we see as a trend that will backfire on the spammer," says Bowers.
Other tactics forced on spammers will make their lives more miserable, Symantec argues. Rather than embed links in a message -- where the URLs can easily be spotted by anti-spam scanners -- junk mailers are sticking the addresses in the images, where they can't be clicked. To visit the spammed site, users must manually type in the address. Click-through rates will fall, Symantec predicts.
That's not to say Bowers paints a rosy picture. "We do see the trend of higher [spam] volume continuing," he says. "Users are going to see the total volume going up and up. I don't think we're at the end of the growth curve."
The cause, says Bowers, echoing other researchers, is the vast number of PCs that have been, and can be, compromised by attackers collecting huge herds of spam-spewing bots. It's unreasonable to expect that the botnet problem will be solved. "Securing every desktop in the world with anti-virus and security software isn't going to happen," Bowers argues.
And Spam 2.0 may take time to repel. "It took some time to really beat back the Spam 1.0 threat," says Bowers. "What we're seeing now is a resurgence on the part of spammers. But we're already making good strides."