Virus and Spam

Spam Email

The purpose of this bulletin is to give a brief overview of the problem of “spam”. Spam is email that you may receive from a completely unknown source, almost always unwanted, and very often potentially dangerous. It is important to be aware of the dangers of spam, because it is often used by individuals with criminal intent to perpetrate identity fraud.

Spammers’ Objectives

Most spammers are legitimate, albeit obnoxious, business people who are merely trying to make a profit selling goods and services. However, there is also a significant sector of the spammer world that is composed of criminal elements. Organized criminal elements from various parts of the world are often involved in the spam business. For this reason, it is important to understand that spam can be very dangerous.

Spammers’ Methods – Mailing List Builders and Sellers

Legitimate businesses exist worldwide which compile and sell mailing lists of email addresses. Email mailing lists are very valuable because for the cost of a few pennies, it is possible to email potential customers or victims numbering in the millions located in all 200+ countries worldwide—something which would cost millions of dollars to implement using conventional “snail” mail.

Emailing list companies harvest email addresses legitimately, illegitimately, and also “methodically”. For example, emailing list companies will take a known email address and run a computer program to generate “educated guesses” about email addresses within the home institution from which the email address originated.

The method works like this:

If the email address for John Smith at Wilson College or the company is known to be:      

The email list company will send out a blastogram that would span a range of addresses such as:             

….. etc ….                              ….. etc ….     

Addresses that generate “unknown address” messages are simply crossed off their list. Those that don’t are addedautomatically to their list.

PLEASE NOTE - For safety and security reasons, the Wilson College email server DOES NOT respond AT ALL to messages sent to invalid addresses. These messages are just deleted. More and more administrators are adopting this policy to block these types of attacks.

As you can imagine, if it is your business to generate emails, and you have the technical means, it is not hard to generate emailing lists with literally millions of email addresses.

Email mailing list vendors also routinely troll websites to harvest email addresses. So, for example, we must take for granted that any email address posted on the Wilson College website will inevitably end up on emailing vendors’ lists. Then, those vendors will generate “educated guesses”, as described above, to add names to their lists.

Legitimate vendors are genuinely respectful of those wishing to be crossed off of their lists. However, the illegitimate vendors merely use “unsubscribe” messages to confirm vulnerable victims! Therefore, if you receive spam from an unknown source, it is best NOT to follow the “unsubscribe” process offered by the spammer. More about this later.

Such spammer emailing lists can be bought on the open market. Their price will depend on their size, quality, and reputability.

Spam Filters – How They Work, How They Fail

In a good year, the problem of spam can cost US businesses millions of dollars per year. Spam clogs up circuits and storage space, both of which cost money to make available for legitimate usage. Furthermore, spam is often also the “infectious pathogen” for criminal schemes, and computer viruses. Businesses keep their cases of victimization confidential, because it does not make them look good. However, it should be noted that some spam-propagated viruses in the past few years have brought the Fortune 500’s email systems to their knees for periods of up to 48 hours.

Spam filtering companies work on principles similar to those used by email address list builders. Filtering companies harvest spam and build databases that identify: (1) senders (originating email addresses) (2) subject lines, and (3) message content. This database data is then constantly fed to the customers of the spam filtering companies. Spam filtering software scans incoming email messages for patterns matching the spam filtering database records, and eliminates those that match the identified patterns.

Spammers try to get around filtering software by varying the “patterns” of their spam. Spammers will constantly change their “sender” email address, using legitimate and illegitimate methods. Then, they will inject characters, digits, and text randomly into the subject lines and message text fields to degrade the identifiable patterns used by spam filtering software. This explains why much spam today contains seemingly bizarre or nonsensical characters or strings of text (often classical poetry) that seems completely unrelated to the purpose of the message.

Worldwide Spam Problem

A December 6, 2006 article in the New York Times noted that in 2003, Bill Gates had predicted that the spam problem would be solved by 2006. Spam received by businesses was significantly reduced in early 2006. However, in the second half of 2006 there was a resurgence of spam received by businesses even greater than before. Currently, the problem of spam is seen in terms of crisis proportions, because spammers’ techniques for evading spam filtering technologies are in ascendancy.

The most successful current technique that spammers are using is to transfer their messages to picture formats (jpg or gif files) and embed them in emails containing random and meaningless text. This type of spam is known as image spam. Spam filtering companies are working on new ways to filter this type of spam, but have not yet developed a way to filter out image spam.

Spam-filterers (the Good Guys) are constantly chasing a moving target. Right now, the bad guys are winning. We’ll keep you posted.

You can view a recent chart of the global spam epidemic published by Commtouch Software by clicking here

Bulletin Date: 10 April 2007