Scope of Spam Trick Debated

Spamhaus, an authoritative force against the unwantede-mail that accounts for more than half of all mailsent on the Internet, sounded an alarm this week overthe problem of Internet service provider (ISP) e-mailrelays being used by spammers.

The so-called “proxy” spam — which is sentby machines compromised by malicious software,sometimes without computer owners’ awareness — has longbeen considered a main culprit in spam proliferation.But Spamhaus’s prediction this week that a spam meltdownwill occur by mid-2006 has produced a backlash.

“I think that Spamhaus has been hyping what reallyamounts to a trick that allows spammers to takeadvantage of ISP mail servers, [which has] an equallysimple fix,” Basex CEO and chief analystJonathan Spira told TechNewsWorld.

Meltdown in the Making?

“[There is] no doubt that itis easier to block mail from PCs infiltrated byzombies which become servers in their own right,compared to an ISP’s mail server. Although [Spamhausofficial Steve Linford] wrote that we’re on the’verge of collapse,’ there are many steps thatresponsible ISPs can take to minimize the impact ofthe new threat.”

Spamhaus reported that the sources of spamare changing. The company said AOL was among the firstISPs to notice that 90 percent ofspam was coming from other ISP mail relays.

The spam watcher blamed the problem on new versionsof proxy spamware packages released by Russianspammers operating in the U.S., who can now reportedlyinstruct hijacked proxies to send spam via ISP mailrelays.

Calling attention to the issue, Spamhaus warnedthat it foresees spam rising to 95percent of all e-mail by mid-2006, at which pointdelivery systems, queues and filters would all becomeoverloaded in a “slow meltdown.”

Serious, But No Crisis

Spira, whose firm has estimated that spam costs businessesworldwide more than US$20 billion a year, said that zombies — computers compromised byattackers and then used for spamming or other criminalactivity — were a significant reason for the spamproblem. He added that the issue is serious in boththe case of individual PCs that are assembled intoso-called “bot armies,” and in the case of morepowerful, service provider e-mail relays.

However, Spira downplayed the Spamhaus contentionthat the rate and percentage of spam is climbing outof control.

“I disagree. I don’t think we’re going to go muchfurther than where we are,” he said, indicating thatbetween 70 and 80 percent of e-mail is spam at present.

Spira said some AOL figures have had spam accounting for only50 percent of its e-mail. He also disagreed with theSpamhaus warning that ISP proxy spam will be extremelydifficult to identify.

“Stating that the new threat will make spam’undetectable’ is simply an overreaction,” Spira said.

Substantial Spam Source

Ken Dunham, director of malicious code intelligence atsecurity firm iDefense, told TechNewsWorld that thezombie issues raised by Spamhaus reflect a real spikein the use of compromised machines and servers –including those from ISPs — used to send spam.

“This is not some unsubstantiated thing,” Dunhamsaid. “This is definitely how the game works. Thereare literally millions of computers that arecompletely owned by bot users.”

Dunham said although they are less noisy thancomputer virus or worm outbreaks, malicious programscalled Trojans and bots accounted for most of theincreased activity last year.

The security expert also indicated it would not besimple for ISPs to shut off access to the spamming onits servers without impacting legitimate customers andtraffic.

“That’s a tough one to track down, and good lucktrying to do that,” he said. “It’s complicated.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

LinuxInsider Channels