Computer security analysts who fight spam face the same thankless task as goalkeepers: They don't get much credit for the
unsolicited e-mail they stop, only demerits for the ones that get through.
But those few messages that wriggle past increasingly sophisticated filters constitute the greatest threats on the Internet. The messages range from relatively harmless pitches for human growth hormones
to ones with malicious code attached that could steal passwords or documents from a machine.
The sheer volume of spam still threatens to bring the Internet to a crisis point. Up to 90 percent of all e-mail traffic is spam, a figure that has
crept upward in recent years. The forecast isn't good, either.
"We see spam just going up to the point where Internet servers start having difficulty," said Steven Linford, chief executive
officer of Spamhaus, a London nonprofit organization that generates a list used by technology companies and organizations
running e-mail servers to block spam.
"Spam will tend to increase to where it will be 99 percent of all e-mail on the Internet," he said. "At that point, governments
will start to take notice."
The front line of defense for most computers connected to the Internet is anti-spam software that tries to determine whether
a message is legitimate. Anti-spam software uses a number of methods to make that decision.
The software can block messages coming from a particular IP (Internet Protocol) address of a computer known to send spam.
Messages containing links to potentially harmful Web sites can be halted using URL (uniform resource locator) filtering. Security
vendors can tweak special "rules" for their anti-spam engines, such as blocking messages containing certain kinds of text
identified as common to spam.
Anti-spam software usually aims to filter out 98 percent of bad messages -- any higher level of filtering tends to snag real
messages and cut off critical business communication.
So spammers are aiming for the narrow, 2 percent window -- and even in the last few months have honed new methods to hit the
inbox bull's eye, experts say.
Sophos, one of many security vendors with anti-spam software, has analysts stationed at four labs -- in Abingdon, England,
Vancouver, Boston, and Sydney -- watching the Internet 24 hours a day, seven days a week for threatening spam and malicious
software.
Sophos' lab in Abingdon doesn't look much different from any other office. But it's mission control for security analysts
with special rules: no computers or electronic equipment can be brought inside, and the room remains locked.
While Sophos catches hundreds of new malware and spam samples a day, many can be stopped immediately using software if the
samples show similar characteristics to known problem code.
New, unique ones are prioritized and doled out to researchers for inspection, and Sophos quickly updates its software to block
them.
"We're unusual in the respect that we like to receive spam," said Mark Harris, director of the lab.
That's because spam does leave a trail, albeit one that's often a confusing series of hops between servers around the world.
But those clues are enough to block it.
Sophos catches spam in "traps" -- abandoned e-mail addresses and domains that have been donated for the purpose of spam research.
Messages sent to those addresses are invariably spam, the first clue a message is garbage.
On a recent day, Paul Baccas, a spam research analyst, pulled duty. A message entitled "Let's go" caught his attention after
it landed in a spam trap of addresses monitored by Sophos that belonged to a telecommunications company that went bust six
years ago.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
