News
News
12/21/2006
04:11 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Spam Volume Jumps 35% In November

The volume of spam surged in November to an average of 85 billion messages a day during two periods, IronPort says.

Spam volume soared another 35% in November, an e-mail security vendor said Thursday, and the month saw spam tactics that reduced the efficiency of traditional anti-spam filters.

"There's been a huge increase in spam volume," says David Mayer, a product manager at IronPort Systems, "from 31 billion spams a day on average in October 2005 to 63 billion in October 2006. But in November, we saw two surges that averaged 85 billion messages a day, one from Nov. 13 to 22, the other from Nov. 26 to 28.

"The October-to-November increase is higher than any other month we've measured," Mayer says.

Like other anti-spam vendors, IronPort puts the blame on a surge in botnet use, the increased use of image-based spam, and a rapid rise in the number of URLs registered by spammers. That combination, along with profit-driven innovation, has dramatically changed the spam landscape in 2006, said IronPort, which released its annual trend report earlier this week.

But other trends are at work, says Mayer, including spammers picking up hacker techniques and applying them to the junk mail business.

Spammers are using malware development tactics such as trying out new strains of spam in limited quantities to gauge how effective they are against filters, then sending out huge quantities only when they're sure a good number will slip through defenses.

"They're doing test runs to see what the returns are," says Mayer, "and to see how many messages bounce back from invalid addresses. Only then will they send out the [spam] blast."

Scammers have been able to turn up the spam volume because of the seemingly limitless number of systems vulnerable to hijack, using an individual bot for only hours to send out large quantities of spam, then discarding that PC to move on to another. The volume, along with the constant tweaking they give to their messages, means that at times traditional rule- or blacklist-based anti-spam defenses can be overwhelmed.

In mid-November, for instance, IronPort monitored a new, large-scale spam attack that dropped filter efficacy by more than 10 percentage points, letting millions of messages through to in-boxes.

"It's a reaction gap," says Mayer. "It takes time for vendors to respond and come up with appropriate rules, but with their distributed [botnet] networks, spammers can send a huge attack in a matter of hours. It takes time for anti-spam solutions to catch up with the attack."

IronPort's appliances, Mayer added, can close that gap: the company can update rules as often as 12 times an hour, and if necessary -- because of a completely unknown form of spam, for example -- update the core scanning engine remotely as well. "Anti-spam needs to be very responsive," he says.

Even though December spam volumes have stayed at November's numbers, Mayer expects that 2007 will be a tough one for anti-spam vendors and end users alike. "There's a realistic probability that volumes will increase," Mayer says. "It's a game of economics; there's a lot of money to be made and [thus] a lot of innovation on their part.

"It's going to be a long battle."

IronPort's "2007 Internet Security Trends Report" can be downloaded as a PDF file from the company's Web site.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government, May 2014
NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work?
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.