Spam Doubles, Finding New Ways to Deliver Itself

An anonymous reader noted that the times is running a piece on the rise in spam that you might have noticed in your inbox over the last 6 months. Gates promised the end of spam by 2006, but they figure it's doubled in the last few months. And best of all, a huge percentage of spam is now images that circumvent traditional text analysis.

Picture spam

[millwall]

The picture spam not caught by the gmail spam filters that I receive all look very very similar. Randomly generated sentences with buzz words and a "picture text" haussing a certain stock.

I'm very surprised these all come through the gmail spam filter. By now it should be easy to identify them.

Another problem

[Sv-Manowar]

Good to see them documenting the rise of email spamming, but I'm suprised the article doesn't talk more about the spammers who are running amock across websites rather than people's inboxes nowdays. While the problem of email spam is still growing, it has pretty much always been there and the public are fully aware of it (with mainstream services such as Gmail offering spam protection, etc), the huge rise at the moment is the amount of web applications and sites that are being exploited. Take for instance Youtube (with many of the most popular videos having their comment threads spammed hard), or any mainstream forum software (most commonly phpBB), where spam bots are continually developed to get around registration methods (including OCR) and then spam the forum with either their profiles or posts. Not forgetting the guestbook spamming which many of the people behind these use for SEO purposes, so they can get phising or product selling pages to the top of search engines (even if it is for a day or so before they are penalised/blacklisted).

While email spamming is still the main problem, it would be nice to see the mainstream media realise that there is a growing danger in people exploiting community websites nowdays, because all it takes is for one of these operations to install enough spyware/get traffic from sites/top search engines for banking/insurance etc websites, then they will start taking consumer's data faster than spam would - all without the majority of customers realising, because they think the main threat is in their inbox.

Re:ban images?

[Shakrai]

HTML in e-mail was never standard functionality anyway. E-mail is a text medium, which has grown in some ways without growing the infrastructure to go with it.

HTML e-mails annoy the hell out of me, mainly because for a long time I was quite content to use older e-mail clients that didn't support them. But that's not what I was lamenting.

I was lamenting how anti-spam measures have made e-mail less and less useful. It was drowned out by the righteous replies of "I'll do whatever I want with my mail server". You can do whatever you want with your own server. But I'm allowed to lament the fact that e-mail has become less and less useful.

It seems to me that there is no technological solution to this problem as long as it remains profitable to SPAM. Any technological solution is short lived (i.e: arms race) and will have at least some negative effect. Can't we take away the financial motivation to SPAM? Go after the companies whose products are being sold? The spammer may or may not be offshore or may or may not be using zombies but if that spam message is to be successful then it has to point me at a product. Go after that product!

That's probably naive of me and smarter people then I have attempted to solve this problem. Still, I miss the days when I could just put up an e-mail server and all it had to do was deliver messages to my users. It wasn't the servers job to care about what was in the message -- it was the clients.

Re:Image spam?

[Brandon+Hume]

The problem is mainly that the spammers have an absolutely IMMENSE amount of stolen processing power available to them. Botnets with hundreds of thousands of hosts, and many of those PCs have just as much, if not multiple times more processing power than any common server in your rack. Your mail server is built for reliability and I/O, and has a much longer life cycle than a desktop.

It's nothing for the spammers to analyze a captcha, even if they want to. But for every obfuscated image they send to you, you've got much fewer resources to try and analyze it. Even if you build a monster mail transport (muchos dinaros) they'll just bot a few more idiot machines and overwhelm you.

In fact, that's apparently a new tactic some of the more scummy spammers have been taking. If your filtering/tarpitting is TOO good, they'll just unleash the whole botnet onto you and crash your mail servers until such time as you see that it's better to take their crap than try to fight them. I've seen admins complaining about it on NANAE.

It seems outrageous to say this in relation to something as "unimportant" as email... but I really, truly wish we'd start seeing some fatalities amongst the spammer set.

Re:ban images?

[aaronl]

Unfortunately, if you go after the product the spam offers, then it turns into a vehicle to damage a third party. Now when someone doesn't like a company/product, they will pay to have a few millions spam messages sent out, and destroy their competition. Or they will threaten to do the same if said company doesn't pay a large amount of money.

This happens today with email viruses and botnet attacks, and don't think that it wouldn't happen if you attacked products advertised in spam.

"Normalization of deviance"

[Beryllium+Sphere(tm)]

We're all frogs being boiled alive because we kept getting used to the temperature as it went up.

When and why did we accept needing elaborate programs to throw away our email before we looked at it? When and why did we accept not being able to send files in email, after spending years defining and implementing MIME?

There have been cities that got so accustomed to street crime that people starting blaming the people who got attacked instead of the criminal. When and why did we get to the point that someone could tell a normal (and savvy) user of email
>You don't have to be a complete fucking tool you're entire life you know.
?

Not that I have a solution, I'd be out getting rich if I did.

Re:WE INVITE YOU TO COME SEE THE 2020

[MBGMorden]

They did for a while. I use a filter (Spamassassin, Postfix, and Amavisd-new based) in front of my main mail server, and a plugin called "FuzzyOCR" uses several open source OCR techniques and could stop a lot of the image spam for a while.

Of course now that the spammers know this, they're moving around the letters, putting in noise, and throwing various geometric shapes into the background to confuse the OCR.

The bad thing is, at this point the only thing they're able to use it for is trying to pump up a stock. Any links and we'd kill it dead really quick. It boggles my mind that people could possibly take a "stock tip" from a picture of jumbled up, scrambled words with all sorts of triangles and circles in the background.

Re:It's the bottom line, stupid!

[M-G]

And the problem is that it appears to work. For giggles, I've tracked a couple of these stocks. If you don't get too greedy, and get out before the spammers (presumably holders of large blocks of stock) dump, you can actually make a good return.

So if you, as a spam recipient, play along with their stock game, you can make money, while helping drive up the price for the spammers to make their profit.

As for buying spammed products, I've long held the opinion that no one need to buy any products for the spam to keep flowing. Much like the pump and dump schemes, I get the feeling that a lot of spam originates from people paying for 'internet marketing' services touted in various 'get rich on the internet' programs. So the actual money-making product is the 'service' that's being sold to those down the chain.

Re:WE INVITE YOU TO COME SEE THE 2020

[fosterNutrition]

It boggles my mind that people could possibly take a "stock tip" from a picture of jumbled up, scrambled words with all sorts of triangles and circles in the background. The fact is that most people don't. The real reason these things are so popular is that everyone knows it's a scam. People then feel like they're "in the know," and hence that they can beat the scammer. The idea is that if you know it's a scam, you can buy stock and then dump it before the scammer does.

This never works, simply because the scammer has such an enormous volume of the stock pre-purchased that they can easily undercut your selling price on the market while still making a profit, and hence their stocks will always be dumped before yours are. Of course, in theory, if you have an even larger volume, and can undercut them, you could profit. That would, however, technically mean you are now the pump and dump scammer, even if they do all the work for you.

Re:Wrong.

[A+beautiful+mind]

I think this is the second time I posted the spam form, but just for you:

(x) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Incidentally I've found a post detailing the origins of the form if anyone's interested.