Add to del.icio.us     Digg this

Mar. 15, 2007

More and more today, the relationship (if you can call that a relationship!) between email spammers and the many anti-spam organizations that are working together to stop their work from reaching in-boxes is a well-documented game of cat and mouse.

Not surprisingly, the technological "arms race" has swung both ways, always growing more sophisticated, while at the same time inviting rampant speculation on many fronts.

However, some anti-spam operators say that there are recent events that have led to new expectations among the anti-spam operatives for what the future may hold soon.

"Since March 12, new patterns in spam behavior paint a picture of an infrastructure behind the unwanted email that may be larger and ever more capable than the Web community had previously imagined," says Scott Cutler, executive V.P. at anti-spam and email security firm AppRiver.

Around the end of 2005 and beginning of 2006, overall spam numbers were actually slipping a bit. Some analysts had been speculating since 2004 that the sophistication in anti-spam technology might mean the end of spam by last year!

However, since the lower spam numbers of early 2006, the situation has drastically and clearly shifted in favor of spammers. Cutler says "I remember looking at our own data in that mid-September range of 2006." "Our volumes went up between 4 and 20 times what they had been at the previous highs. We really started noticing this during the summer. Usually, summer is a slow period for many. It's like spammers take some vacations too I guess."

Cutler added "you usually see less spam during the summer period. But in 2006 it never happened. The overall volume we saw over that period was growing rapidly. And starting around September we saw the volume skyrocket to even higher levels we had never seen before."

Along with the volume, the number of new campaigns increased, and the rate at which those campaigns were mutating to avoid detection by anti-spam rules also increased drastically. "The spammers are getting better and more efficient," says Cutler.

"Effectively what they're doing is they're trying to make the spam just like person-to-person communications if you can believe it! The more they can get rid of the contrast between what a spam message looks like and what a regular human-to-human email looks like, the more difficult it is for us. So we are spending a lot of time trying to find those minute, subtle differences that trigger our spam filters that this is not like a regular person-to-person email," said Cutler.

Spammers spend an increasing amount of time everyday figuring out how to morph the message into what looks like a real, bona-fide and legitimate e-mail, and this is exactly what we are trying to go after."

On any given day of the week, AppRiver issues thousands of new spam signatures for identifying possible spammy emails. Overall, between 2,000 and 4,000 before breakfast alone! Ordinarily, some of those rules demonstrate a particular strength at catching spam, and are kept in circulation as AppRiver's strongest rules. But that has changed.

In February, the number of maximum-strength rules has dropped off, almost to none. Cutler says it's a change the company has identified as taking place on about January 24, that went on into the first week of February.

Cutler says "I think they're seeing some kind of feedback on when we've capturing it and when we haven't. As soon as they see us capturing it, they're starting a whole new campaign. Otherwise those rules would get stronger and stronger, but they've fallen off since."

Given the nature of this cat and mouse game, Cutler can't say what AppRiver plans to do with that realization. But in a sense, it's more of 'déja vu' all over again.

Increasingly today, anti-spam developers and vendors are constantly reacting to all the trash spammers send out everyday. Their research teams can attempt to predict what spammers might try next, and when they're right, they can put themselves in a better position to react more quickly to new tactics.

However, ultimately blocking spam is about responding fast to all the constant changes from the spammers. Forget about spam being dead by 2007 or any other year. In fact, says Cutler, 2006 has revealed spam is growing at an alarming rate.

Quite possibly, spammers have the potential to produce spam faster, and in greater quantities than they already are, and this is very disturbing for the Internet community. It may actually be the spammers themselves maintaining the status quo as a matter of self preservation and profit.

Some spammers generate enough spam to make some good money, but not so much that the Internet community would consider a drastic and disruptive change to the Internet's basic systems. Spammers may be sitting on years worth of ideas, waiting to introduce them at a rate that won't disrupt their businesses in any way...

Cutler added "I wouldn't be surprised at all if they have all kinds of tricks up their sleeves. If you talked to our networking people, they'd be willing to believe that it's true. They have lots of tricks and a lot of things they can do to continue to randomize and deliver spam email."

"However, spammers deliver it at a rate that's consistent with their goals and doesn't overwhelm the infrastructure to the point where some radical change happens that makes their world a lot more difficult to play in," said Cutler.

Add to del.icio.us     Digg this

Source: The WHIR