Spam senders suffered a few temporary setbacks in 2008, including an FTC bust on HerbalKing, one of the largest global spam networks allegedly responsible for sending billions of unsolicited emails, and the shuttering of web host McColo Corp, who the FTC said was responsible for roughly 75 percent of the world's spam. It may have taken a few months, but spam levels have now risen back up to 150 percent, according to Postini Message Security.
"As spammers fill the void left by McColo, it's reasonable to anticipate a decreasing rate of growth as spam reaches November 2008 levels," wrote Amanda Kleha of the Google message-security team on the company's blog. "However, since the November levels weren't even the peak for the year, and since spammers appear to be quickly recovering, the question remains: Where will spam volume top out in 2009? Will it be near the November 2008 level? The April 2008 level? Or higher?"
Symantec also notes a concerning rise in spam, noting that it has seen spam volumes return to within 5 percentage points of the pre-McColo shutdown numbers. In other words, the break is over and barring another bust, spam levels could rise even higher than what they were before a series of crackdowns took place.
Yahoo "Anti-Spam Czar" Mark Risher says the search company has begun taking several steps toward cutting back on the amount of spam Yahoo email account holders receive.
"Recently, Yahoo!’s anti-spam team has been using a 'supercomputer; consisting of thousands of individual PCs — part of our open source Hadoop project — to help detect spammer," Risher wrote on the Yahoo Mail blog. "We’re teamed up with several top universities on this research, looking for more ways to find and block the bad guys even faster, before they can do their damage."
Risher went on to say Yahoo has signed a deal with Abaca, a startup company who ambitiously promises "a minimum of 99 percent accuracy" when it comes to detecting spam. Yahoo has also begun using Return Path technology, which lets legitimate companies know when their emails have been marked as spam.
Could it be possible that legitimate email messages only account for 10 percent of all email? According to the Cisco 2008 Annual Security Report, the answer is 'yes.' The report claims that nearly 200 billion pieces of spam are sent and received every day, accounting for 90 percent of the world's email. Making the influx of spam messages possible are armies of hijacked computers, Cisco says.
"Every year we see threats evolve as criminals discover new ways to exploit people, networks, and the internet," said Cisco chief security researcher Patrick Peterson. "The botnet is, in many cases, ground-zero for online criminal threats."
Cisco points to the United States as by far the biggest source of spam, accounting for 17.2 percent of the messages. Turkey came in second at 9.2 percent, and Russia ranked third accounting for 8 percent.
What's most striking is that spam volumes have nearly doubled in 2008 compared to 2007. This despite a handful of recent busts by the FTC on various spam rings, which appear to have done nothing when looking at the overall picture. And because spammers "rarely use computers in their physical possession, instead renting or building botnets," the FTC will continue to fight an uphill battle until security improves across the board. Don't hold your breath.
With proper filters in place, you may not even have noticed that spam levels have dropped off recently. It isn't that the scumbags sending out the unsolicited emails have gotten into the holiday spirit and decided to take a break from their operations, and instead the drop off was a result of the FTC shutting down McColo Corp., the web hosting service believed to be responsible for 75 percent of the world's spam.
The two-week hiatus appears to be over. According to Symantec's MessageLabs, spam emails are increasing at twice the volume after McColo went offline. Following the FTC bust, MessageLabs says that spam levels dropped precipitously by 80 percent. But now the remaining 20 percent has increased to 37 percent, indicating that the botnet owners have found new ISPs for their operations.
"The Asporx and Rustock botnets are back with a vengeance after having found new command and control," MessageLabs' Matt Sergeant said.
It looks like fruitcakes won't be the only unwanted gifts this holiday season.
As it's turning out, the fight against spam might not be so futile after all. Edward Davidson, who became known as the 'spam king' by sending out millions of falsely labeled emails, found himself behind bars in April, and then more recently, the FTC shut down one of the largest organized spam rings in the world in HerbalKing. And less than two weeks ago, the FTC scored another major win by shutting down a web host thought to be responsible for 75 percent of the world's spam. Now it's Facebook who's getting in on the fight.
Ruling on a case filed by Facebook against Adam Guerbuez and Atlantis Blue Capital on August 14, 2008, Federal Judge Jeremy Fogel has awarded Facebook over $873 million in damages. Atlantis Blue Capital found itself under legal fire for allegedly accessing Facebook's servers, setting up phishing websites to acquire Facebook logins and email addresses, and sending out millions of emails to the social networking site's members.
"It's unlikely that Geurbez and Atlantis Blue Capital could ever honor the judgment rendered against them (though we will certainly collect everything we can)," Max Kely, Facebook's director of security, wrote in a blog post. "But we are confident that this award represents a powerful deterrent to anyone and everyone who would seek to abuse Facebook and its users."
The sentence, which is likely to knock Atlantis Blue Capital out of business, also forbids Geurbuez to access, retain, or use Facebook data in any way, nor is he allowed to create or maintain a Facebook profile.
We'd be remiss to claim that the tide is turning in the war against spam, but that doesn't stop us from getting excited at seeing the scumbags responsible suffer setbacks. Such was the case last month when the FTC said it had shut down one of the largest global spam networks allegedly responsible for sending billions of unsolicited emails. Now, less than one month later, a web hosting firm believed to be responsible for hosting roughly 75 percent of the world's spam has gone offline.
With servers housed in a 30-story office tower in downtown San Jose, California, hosting service McColo Corp. was shut down when two internet providers, Global Crossing and Hurricane Electric, cut off service after receiving reports about McColo's activities. Following the termination of service, security companies noticed an immediate drop in spam volumes, with email security firm IronPort claiming spam levels fell by about 66 percent for the 24 hour period ending Tuesday. Unfortunately, the drop isn't expected to last.
"We're seeing a slow recovery," said Nilesh Bhandari, product manager with IronPort. "We fully expect this to recover completely, and to go into the highest ever spam period during the upcoming holiday season."
We're not so naive to think that male enhancement, weight-loss, and prescription medication solicitations will stop infiltrating our inbox and filling up our spam queue, but perhaps after the Federal Trade Commission's latest bust they'll be a little less frequent. The FTC said on Tuesday it had shut down one of the largest global spam networks allegedly responsible for sending billions of unsolicited emails.
The FTC received some 3 million complaints in connection with spam tied to the HerbalKing operation, which is said to have operated in the United States, China, New Zealand, and other nations. According to the FTC, HerbalKing received $400,000 in Visa credit car charges in a single month, leading a U.S. District Court to freeze the various defendants' assets.
As is typical of spam rings, HerbalKing utilized botnets to mass-mail recipients. Mega-D, believed to be the group's largest botnet, was responsible for 35,000 zombie PCs capable of sending out a whopping 10 billion email solicitations per day. But the list of infractions goes well beyond violating the Can-Spam Act of 2003. The FTC accuses HerbalKing of unlawful operation of a pharmacy, making false claims regarding the safety of herbal products containing potentially harmful ingredients, selling medication without proof of a prescription, and more.
CRN recently reported on a research from internet security vendor Marshal that found out of the 622 users polled 29.1% admitted to having purchased items through spam emails.
I seriously hope this was just a particularly ignorant group of Internet users. Okay, now hear this; Buying stock through spam email amounts to lighting a match to your hard-earned cash. There is no magic pill to make your penis bigger or make you better in bed. Buying crap through spam encourages spammers to spam more. In other words, don’t do it! Those of us with a clue will thank you, if we don’t cuff you first.
Unlike other kings, spam king Edward "Eddie" Davidson decided that he didn’t like his new royal domain at the minimum-security federal prison in Florence, Colorado. After serving five weeks of his 21 month sentence his Royal ‘Spamness’ hopped a ride with his wife when she came to visit.
"He jumped in the car with his wife," said Will Cochenour with Lakewood police. "When they were leaving, he forced her in the car, brought them home and left after a change in clothing.” Davidson was last seen Sunday afternoon in his wife's 2006 silver Toyota Sequoia.
Davidson's Power Promoters spamming network promoted junk between 2002 and 2005, gumming up inboxes everywhere.
The U.S. Marshals are leading the search, with help from FBI, IRS and the Rocky Mountain Safe Streets Task Force. This time however they are sure not to take him back to Club Fed, but somewhere with a bit more security, and you can bet he’ll be in for a longer stretch of time too. This is providing that one of his spammed subjects doesn’t run into him first and tar and feather him. While this would make it a great disguise, it is sure to remove hair coming off (ouch).
If you are out looking for the spam king, be sure to imagine him without his royal accoutrements as pictured below.
In May 2008, McAfee set up 50 individuals from around the world with new laptops and email addresses and then had them surf for 30 days trolling for spam to discover “how much spam they would attract and what the effects would be, both short lived and long term”.
Every techie reading this is thinking the same thing, Well DUH, they got a crap load of spam and were really @%!#& annoyed by it. Really McAfee’s S.P.A.M. (Spammed Persistently All Month) Experiment amounts to pseudo news or a marketing campaign. That is not to say that it did not generate some useful data, but most of its conclusions are a no brainer.
Jump through to see what conclusions McAfee came to!