• MSNBC Home
  • » Technology & Science
    • » Security
      • » The Red Tape Chronicles

Spam is back, and worse than ever

Posted: Friday, January 19 2007 at 05:00 am CT by Bob Sullivan

If you feel like your inbox is suddenly overrun with spam again, you are right.

Not long ago, there seemed hope that spam had passed its prime. Just last December, the Federal Trade Commission published an optimistic state-of-spam report, citing research indicating spam had leveled off or even dropped during the previous year.

Instead, it now appears spammers had simply gone back to the drawing board. There's more spam now than ever before.

In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now.

"Traditional methods have failed spammers, so they are resorting to more and more sophisticated tactics," said Dave Mayer, a product manager at IronPort, which makes anti-spam products.

The tactics are working. There are 62 billion spam messages sent every day, IronPort says, up from 31 billion last year. Now, spam accounts for three of every four e-mails sent, according to another anti-spam firm, MessageLabs.

Image spam is a big part of the resurgence of unwanted e-mail. By using pictures instead of words in their messages, spammers are able to evade filters designed to detect traditional text-based ads. New computer viruses have contributed to the uptick, also, particularly a surprisingly prolific Trojan horse program called "SpamThru" that turns home computers into spam-churning "bots."

Some small organizations are having real trouble with the spam surge, IronPort officials say. One county government office called the firm after its mail server shut down. "(It) could not even slowly process mail," said IronPort spokeswoman Suzanne Matick. "They ended up with no mail going to their 7,500 users for seven days." She declined to identify the agency, citing confidentiality agreements.

Of course, there wouldn't be this much spam if it didn't work.

Concentrated stock spamming has the ability to send share prices of penny stocks soaring, said Graham Cluley, a consultant for computer security firm Sophos.

"They absolutely storm up in value. And then there's the inevitable fall," he said.

Last summer, California-based Southern Cosmetics was forced to issue warnings to investors after spam campaigns touting shares of the company. During one such campaign, the firm’s stock value rose from below 1 cent per share to a high of 6.6 cents.

The Securities and Exchange Commission has prosecuted some spam pump-and-dumpers, and on other occasions, has suspended trading in firms after it spotted a spam campaign. But the agency can hardly keep up with millions of stock spams each day.

Attempts to manipulate stock prices through e-mail are nothing new, said John Reed Stark, chief of the Securities and Exchange Commission’s Office of Internet Enforcement. But despite the agency’s “hefty track record of bringing cases” against spammers, the technique persists.

No clicks required
Stock spam is effective because no Web link is required, Cluley said. In old-fashioned spam, criminals generally try to trick recipients into clicking on a link and buying something. Many e-mail programs now block direct Web links from e-mails, rendering click-dependent spam much less effective. But stock messages merely have to make the recipient curious enough about a company to motivate him or her to buy a few shares through a broker.

There is another element that helps perpetuate stock spam, Stark said – he believes speculators unrelated to the original spam sometimes try to “play the momentum” surrounding a spam campaign – either getting in early on a pump-and-dump campaign to profit as shares rise, or by “shorting” stocks, betting that they will fall after the spam campaign flames out.

“There are all these people pushing the envelope in sometimes desperate ways to try to make money,” Stark said.

Image spam, which seems not inseparable from stock spam, can arrive entirely devoid of text, but that’s not common. Most messages have what appears to be nonsense text pasted above and below the image. Experts call this "word salad," or "good word poisoning." Below this story, we've pasted some examples of what we call "spam haiku." Here’s one:

“I thought I was Train cars derail, catch fire in KentuckyMassive fireIdol begins this week!”

'Word salad,' or not-so-random text
The word jumble is generally borrowed from news headlines or classic books like Charles Dickens' “David Copperfield,” the text of which are often available online. The seemingly random text actually serves and important purpose -- to foil or confuse word-based spam filtering. Many spam filters determine the likelihood that a message is spam based on the individual words in the body of the e-mail. The presence of obviously spamish words like “Viagra” or “sexy” tilts filters to categorize a mail as spam and block it or route it to a junk mail folder. But because normal conversational words tend to persuade filters that a message is legitimate, spammers paste in bits and pieces of text to fool the filters. There's debate about how well that trick works, but there's no debate about how much word salad there is – it’s everywhere.

Spammers continually refine and combine their techniques, said Doug Bowers, senior director of anti-abuse engineering at Symantec. The firm recently found spam attached to legitimate newsletters that appear to be from big companies, including a Viagra ad atop a 1-800-Flowers e-mail newsletter and another on an NFL fantasy league letter. Such e-mails are simply spam masquerading as authentic, with real content borrowed from legitimate companies. They are similar to phishing e-mails, and so are much more likely to be opened by recipients than traditional spam, Bower said.

"They craft an e-mail that looks like a newsletter, but change as little as a single line and insert an image," Bower said. "As in phishing, they are copying the look and feel of the legitimate e-mail."

One way companies are combating image spam is to turn off all images arriving in inboxes. But that can be a draconian measure, as it will cut off pictures of grandchildren, too.

'Never invest based on spam'
Consumers can sometimes spot image spam without opening the message, thanks to hyped-up subject lines like this: “MHII.OB Best terms and conditions for your investments.”

Spotting spam before you open it is a plus -- sometimes spam messages contain small images that report back to the sender as soon as a message is opened, teaching the spammer that your e-mail address is valid. More spam is sure to follow.

But in some cases there is no way to tell if a message is spam without opening it. So for now, the best defense consumers have is their delete key -- and a heavy helping of skepticism when investing based on anonymous tips.

The SEC’s Stark puts it bluntly: “Never invest based on spam.”

---

SOME SAMPLE “SPAM HAIKU”

EXAMPLE 1:
This is directly from a Harry Potter book;
deep sleep. I found myself out in public, in the middle of the match,
and I saw, in front of me, a wand sticking out of a boys pocket. I had
not been allowed a wand since before Azkaban. I stole it. Winky didn’t

EXAMPLE 2
Many others are just jibberish
Brother simon, simons wife maria garcia.
Known remarks has ties san jose california idaho. The charred remains woman! Wife maria garcia who both been charged accessory.
People in elmore county the charred remains, woman her? Raul solario solorio date.

EXAMPLE 3
This is truly word salad
Male build, medium race. Sons aged, four were found inside burned out vehicle.
May have fled michoacan be traveling with his brother.
Out vehicle on august, each.
Dangerous if you, any concerning. Of ten most wanted fugitive, jorge, alberto? Garcia who both been charged!
Most wanted fugitive jorge alberto.
Either head or chest considered armed extremely.

EXAMPLE 4:
Clearly compiled from various news sources
an extremely guiltyIdol begins this week! Train cars derail, catch fire in KentuckyMassive fireNigeria clashes prompt Shell evacuationsgoing to be an architect,

EXAMPLE 5:
Hard to say where this comes from
Christian saint video graphics chip amiga mato. Human if, an article link led you.
Poetsaint christian saint video graphics chip amiga mato, grosso.
By randy ho singer! Human if an article, link led you.
Meanings etymology and see can refer toin.
Modified, december all text available under terms gnu. The free denisefrom to navigation searchlook up in wiktionary. Saint video graphics chip, amiga mato grosso, brazilthis.

EXAMPLE 6
This is a jumbled passage from Charles Dickens’ “David Copperfield”Confused blind way, to recall how I had felt, and what sort of boy boys especially the smaller ones were visited with similar a child, and the natural reliance of a child upon superior years determination to do better tomorrow. Mr. Creakle cuts a joke
was the same with the places at the desks and forms. It was the confused blind way, to recall how I had felt, and what sort of boy boil. On seeing the master enter, the old woman stopped with the was standing opposite, staring so hard, and making me blush in

Spam's rebound: What you can do

EMAIL THIS

Cover | U.S. News | World News | Business | Sports | Tech/Science | Entertainment | Travel | Health | Blogs Etc. | Weather | Local News
Newsweek | Today Show | Nightly News | Dateline NBC | Meet the Press | MSNBC TV

About MSNBC.com | Newsletters | RSS | Podcasts | Search | Help | News Tools | Jobs at MSNBC.com | Contact Us | Terms & Conditions | Privacy

© 2009 MSNBC.com

 

• © 2009 Microsoft
• MSN Privacy
• Legal
• Advertise

• Feedback
•  |  Help