Google Says Spam Volumes On the Rise

alphadogg writes "Despite security researchers' efforts to cut spam down to size, it just keeps growing back. The volume of unsolicited email in the first quarter was around 6 percent higher than a year earlier, according to Google's e-mail filtering division Postini. Security researchers have won a few significant battles against the spammers in the last year, first against those hosting the spammers' control systems, and later against the control systems themselves, but they will have to change tactics again if they want to win the war. In the first half of last year, security researchers concentrated their efforts on identifying the ISPs or hosting companies that allowed command-and-control servers to operate, and shutting these botnet purveyors down. The success of that tactic was short-lived, however."

If One Person Clicks, We All Lose

[eldavojohn]

If you are successful at combating spam, you will see a rising volume. Here is the chain reaction that takes place:

1. A spammer has an established source of income that he profits from his operations. Let's say it's ten grand a month. Everything is going well--he kicks back and watches watches the money machine.
2. You implement a better spam blocking program or a better educate users or do something so that the five hundred clicks he gets a day drops to four hundred clicks a day.
3. The spammer now finishes at eight grand at the end of the month and notices something is wrong.
4. The spammer is certain that he can grab back those clicks and all he (did you ever notice how spammers are always men?) has to do is crank up the volume whether it be by getting more e-mails to spam or sending more frequent spams or revolutionizing his spamming tactic and adding new templates and variables to trick people or get around blocks.
5. In the end we see spam rise.

Now, maybe he makes that two grand back in his push and maybe he don't. Maybe your new method reduced his clicks from five hundred to five per month. Either way the best we can hope is that at some point that income shrinks to negative or so little it's not worth his time. The problem is that even if 0.0001% of his spam messages generates a click, he's making bank.

The battle for clean e-mail should be fought on a number of fronts. Public awareness is the key weak link in the chain in my opinion. And as a new net savvy generation arises, that will come naturally.

No matter how much I tell my friends and family to be safe on the net, my friend in Cairo had ten credit cards opened in her name and I had to help her clean it up over here. To make sure it didn't happen again we went over smart procedures like if your bank sends you an e-mail you should read it and then open up your browser by hand and type in the bank's URL as you know it by hand and look for the corresponding information on the site. Yeah, it's a pain in the ass but if you can't find it you can always just call them. Don't click the e-mail link and drop your username and password into some site you don't trust. If I had to guess how she got tripped up, it was when she went to Cairo for school she couldn't afford to talk on the phone and had gotten lazy and careless with doing all her banking online.

Re:If One Person Clicks, We All Lose

[houstonbofh]

Kidnapping for money is a big industry in Mexico. It is all but unheard of in the United States. Why? Because the FBI made it unprofitable. They use whatever resources are needed to track down and bust the kidnappers, however long it takes. We need that kind of will in the fight against spam. It is expensive at first, but less expensive as people get out of the business.