November 20, 2006 4:00 AM PST
'Tis the season to send spam
- Related Stories
Zombies continue to chase Windows PCsOctober 24, 2006
On sentry duty in your in-boxApril 18, 2006
Most spam still coming from the U.S.January 24, 2006
Scammers jingle all the wayDecember 21, 2005
ISPs versus the zombiesJuly 19, 2005
Gates reveals his 'magic solution' to spamJanuary 26, 2004
Mass e-mailers traditionally bump up their activity as the year winds down. But this year, the amount of junk messages could be unprecedented, companies that make spam-busting tools say. And senders of unsolicited ads are already celebrating the close of the harvest season and the approach of Christmas.
"Just as legitimate vendors began stocking their shelves with holiday decor and gifts before Halloween, spammers started sending spam messages tailored to the holiday gift-giving season earlier this year," said Stephen Pao, vice president of product management at Barracuda Networks, a Mountain View, Calif., maker of security appliances.
In October, 63 billion junk messages were sent daily, on average, compared with 31 billion a year ago, according to data from IronPort Systems. Another antispam specialist, MessageLabs, reports that 88.7 percent of all e-mail sent in October was unsolicited. That percentage is expected to rise to nearly 90 percent in November and December.
That could add up to a huge pile of unwanted e-mail. IronPort predicts that the number of spam messages will average 78 billion a day in December, up from 38 billion last year.
Internet service providers and antispam companies are working hard to fight this onslaught of spam. But it's a game of cat-and-mouse, and right now, the spammers are slipping away, experts said. "The antispam vendors are struggling," said Natalie Lambert, an analyst at Forrester Research. "The best vendors are able to stop about 98 percent of spam." That still leaves 2 percent that gets through, which is a lot with the current, increasing spam levels, she added.
There's a holiday spam spike every year, because people are more likely to open the messages, experts said. Consumers are shopping online more, are desperate for gift ideas and expect electronic greeting cards. Spammers exploit all of that by sending fake order confirmations and e-cards and, of course, suggesting their products as gifts.
"People sell fake Rolexes via spam e-mail, and fake Rolexes make good holiday gifts," Pao said. "We expect that the amount of overall holiday-related spam to increase up to 50 percent during the week of Thanksgiving and continue through New Year's. It looks like this could turn out to be the largest, and longest, holiday spam season ever."
There are a number of reasons for the rising tide of messages, experts say. For one, spammers are constantly looking for and finding new ways to reach unsuspecting people, said Miles Libbey, a product manager at Yahoo. "We continue to work tirelessly to make sure junk mail goes into the spam folder," he said. Yahoo, which operates one of the most popular free e-mail services, is using technology and collaborating with others to bust spam rings, Libbey said.
Technology advances are another driver. Spammers are using new tools to relay messages via networks of compromised, broadband-connected PCs called botnets. That means lot of the messages in that glut are being sent via PCs owned by unsuspecting people, who are probably busy eating their turkey and ham while the e-mail is being sent out.
At the same time, the mass-mailers have found new ways to circumvent filters meant to weed out unwanted messages. It's a perfect storm for spammers, experts said.
"During October, we started to see unprecedented spam levels--much higher than we have seen in previous years. This seems to be on the back of a Trojan that is much more robust," said Mark Sunner, a chief technology officer at MessageLabs.
A lot of the messages are being delivered using the new Trojan horse, called "SpamThru", which surfaced recently, Sunner said. Such malicious software typically gets onto Windows PCs via malicious Web sites or as an e-mail attachment disguised as something the user might want--a screen saver, for example. It may also creep onto a PC unbeknownst to the owner by exploiting a security hole.
"The technique is referred to as a spam cannon," Sunner said. "In a traditional botnet, the bot herder would connect to the network and send out spam messages one-by-one, kind of like a pea shooter. By contrast, SpamThru works like a mail merge."