The state of spam: What to expect in 2009

Experts say new methods and hassles are on the horizon

Spam, oh spam -- can we ever get rid of you? 2008 saw a promising blow to the endless sea of junk mail, but the relief didn't last for long. Now, spam experts say new forms of annoyances are on the way for the new year.

"Some battles have been won in 2008, but the war is far from over," says Martin Thorborg, co-founder of SPAMfighter, a software development and spam research company.


So far, junk mail has managed to infiltrate only about 22 percent of its potential Internet territory, Thorborg says. That means more methods -- and, yes, more headaches -- are bound to be on the horizon.

The spam forecast

They may not have a doppler radar, but the SPAMfighter team has a full forecast -- and it doesn't look pretty. Here's what's topping the junk mail outlook for 2009:

• More social network spam. Spammers started bringing their methods to social networks in increasing numbers throughout '08, and that trend is expected to climb quickly in the coming months.

• More complex networks behind the efforts. The shutdown of a Colorado hosting company in November had a significant effect because of its configuration: That single company served as the control center for the majority of botnets that were propagating unwanted messages. Researchers think as much as 75 percent of all junk mail was tied to that one place. Spammers will be smarter in 2009, SPAMfighter says, building more resilient and less centralized systems.

• More combined methods. Spam will be partnered with spyware and phishing tactics to create new kinds of "blended threats," SPAMfighter says.

• An increase in "spear phishing," or spam campaigns targeted to specific groups and interests. These might include messages tailored to employees of a particular company or organization, or even just to members of certain online networks. The messages are designed to look like official communications.

• A general rise in creativity. In 2008, SPAMfighter observed things like phishing attempts disguised as warnings against phishing. As even novice Internet users become more savvy, the disguises are likely to expand.

The spam equation

Many of the anti-spam precautions seem obvious -- but, obviously, not everyone is taking them. The good news? The number of people still gullible is small. A recent University of California study suggests only one in every 12.5 million spam messages gets a response.

The bad news? That tiny percentage is enough to generate $7,000 a day, or $3.5 million a year, for a decent-sized spam network, the study says. What's more, the activity could add as many as 8,500 new bots into the spam network every 24 hours.

While we'd love to track down those imbeciles actually ordering stuff from spam -- if you're one of them, please leave a comment below with your contact information -- the more realistic action is just to spend a few minutes talking about proper cyberprotection. So, if you're confident in your spam-fighting abilities, relax and enjoy a complimentary pumpkin muffin.* Otherwise, read on and reinforce your knowledge.

*Complimentary pumpkin muffins available only for PC World staff

Your spam protection plan

• Thinking about responding to an unsolicited message? Maybe a pleasant request to be removed from the list? Don't. End of story.

• The same goes for "delivery failure" messages. If you don't remember sending the message being referenced, hit delete and move on.

• Avoid giving out your primary e-mail address on any forum or blog site that you don't absolutely trust. Set up a secondary "junk" account for public distribution instead.

• Similarly, don't post your primary e-mail address on your own blog or Web site. Bots will find it and add you to their lists.

• Never send money, either for a purchase or donation, to any entity you learned about through an unsolicited message.

• This is old, but it still hasn't hit home for some folks: DON'T CLICK ON LINKS IN UNSOLICITED E-MAILS. If a message from your bank tells you to click to confirm your account, ignore it. Open up your browser and type in the bank's legit URL manually, then see if there's any real issue to be addressed.

Simple enough? I thought so. And, not to leave anyone out, we've arranged to commend your continued reading with a warm cinnamon sticky bun, on the house.** You're a strong soldier in the war against spam, dear friend. Welcome to the team.

**Warm cinnamon sticky bun offer valid only for the writer of this article.

PC World is an InfoWorld affiliate.

This story, "The state of spam: What to expect in 2009" was originally published by PCWorld.
