November 20, 2006 4:00 AM PST

'Tis the season to send spam

In addition to plenty of turkey, a record amount of spam will be served up this holiday season.

Mass e-mailers traditionally bump up their activity as the year winds down. But this year, the amount of junk messages could be unprecedented, companies that make spam-busting tools say. And senders of unsolicited ads are already celebrating the close of the harvest season and the approach of Christmas.

"Just as legitimate vendors began stocking their shelves with holiday decor and gifts before Halloween, spammers started sending spam messages tailored to the holiday gift-giving season earlier this year," said Stephen Pao, vice president of product management at Barracuda Networks, a Mountain View, Calif., maker of security appliances.

In October, 63 billion junk messages were sent daily, on average, compared with 31 billion a year ago, according to data from IronPort Systems. Another antispam specialist, MessageLabs, reports that 88.7 percent of all e-mail sent in October was unsolicited. That percentage is expected to rise to nearly 90 percent in November and December.

That could add up to a huge pile of unwanted e-mail. IronPort predicts that the number of spam messages will average 78 billion a day in December, up from 38 billion last year.

Internet service providers and antispam companies are working hard to fight this onslaught of spam. But it's a game of cat-and-mouse, and right now, the spammers are slipping away, experts said. "The antispam vendors are struggling," said Natalie Lambert, an analyst at Forrester Research. "The best vendors are able to stop about 98 percent of spam." That still leaves 2 percent that gets through, which is a lot with the current, increasing spam levels, she added.

Spam volume

There's a holiday spam spike every year, because people are more likely to open the messages, experts said. Consumers are shopping online more, are desperate for gift ideas and expect electronic greeting cards. Spammers exploit all of that by sending fake order confirmations and e-cards and, of course, suggesting their products as gifts.

"People sell fake Rolexes via spam e-mail, and fake Rolexes make good holiday gifts," Pao said. "We expect that the amount of overall holiday-related spam to increase up to 50 percent during the week of Thanksgiving and continue through New Year's. It looks like this could turn out to be the largest, and longest, holiday spam season ever."

New tricks
There are a number of reasons for the rising tide of messages, experts say. For one, spammers are constantly looking for and finding new ways to reach unsuspecting people, said Miles Libbey, a product manager at Yahoo. "We continue to work tirelessly to make sure junk mail goes into the spam folder," he said. Yahoo, which operates one of the most popular free e-mail services, is using technology and collaborating with others to bust spam rings, Libbey said.

Technology advances are another driver. Spammers are using new tools to relay messages via networks of compromised, broadband-connected PCs called botnets. That means lot of the messages in that glut are being sent via PCs owned by unsuspecting people, who are probably busy eating their turkey and ham while the e-mail is being sent out.

image spam

At the same time, the mass-mailers have found new ways to circumvent filters meant to weed out unwanted messages. It's a perfect storm for spammers, experts said.

"During October, we started to see unprecedented spam levels--much higher than we have seen in previous years. This seems to be on the back of a Trojan that is much more robust," said Mark Sunner, a chief technology officer at MessageLabs.

A lot of the messages are being delivered using the new Trojan horse, called "SpamThru", which surfaced recently, Sunner said. Such malicious software typically gets onto Windows PCs via malicious Web sites or as an e-mail attachment disguised as something the user might want--a screen saver, for example. It may also creep onto a PC unbeknownst to the owner by exploiting a security hole.

"The technique is referred to as a spam cannon," Sunner said. "In a traditional botnet, the bot herder would connect to the network and send out spam messages one-by-one, kind of like a pea shooter. By contrast, SpamThru works like a mail merge."

CONTINUED: Evasion tactics…
Page 1 | 2

See more CNET content tagged:
antispam company, spammer, Ironport Systems Inc., spam, MessageLabs Ltd.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.