Has the 'SpamThru' Trojan Doubled Spam or Not?
December 12, 2006
By Brian Livingston

Screaming headlines in the past few days have proclaimed that unsolicited bulk e-mail -- known universally as spam -- has broken all known records. But is this really the case, or does it just seem like it?

"Spam Doubles," proclaimed the New York Times in an article on Dec. 6 (free registration required).

Much of the blame is laid on a Trojan horse named "SpamThru" that has taken over approximately 73,000 PCs, according to a recent eWeek analysis. The robotic network of computers, reportedly directed by Russian hackers, silently pumps out millions of spam e-mails a day.

There's no question that new spam techniques are sneaking a lot of spam through filtering systems that previously were fairly effective. But has the volume of spam actually doubled?

How Fast Is It Doubling?

Of course, any business that's growing at a steady rate will double eventually, so I could write headlines such as, "Fast Food Consumption Doubles!" and I'd be 100 percent correct, if I didn't provide any time frame.

One antispam expert believes that SpamThru hasn't actually doubled the volume of spam. Instead, he says the Trojan bot network of so-called zombie PCs has proven itself to be twice as effective as other spam at getting through filters. That's actually a much scarier fact than the headlines have made clear.

The Degree of Control That Spammers Now Have

Richi Jennings is a London-based analyst for Ferris Research, which publishes reports on corporate messaging from its headquarters in San Francisco. "More spam is reaching the inbox," he says, "so naive commentators wrongly assume that a doubling of spam in the inbox equals a doubling of spam on the Internet."

His company's research indicates:

Spam increased up to 20 percent in the 4th quarter of 2006 to date, compared with the average from the first three quarters of the year. But the spam that actually made it into people's inboxes increased 100 percent in the same time frame.

Spam messages that use images to convey content are circumventing filters. "New botnets are employing content-morphing tricks that are fooling many vendors' content filters," Jennings says, "so more spam reaches the inbox." These tricks include varying the size of the images a slight amount in different spams. As a result, the messages don't have identical signatures that filters can learn to catch.

More images mean more bytes. "The image-spam messages tend to be about 10 times bigger than 'normal' messages," according to Jennings. That means a median size of about 30 KB for the image-bearing spams compared with 3 KB for legitimate e-mails. "So spam volumes are now much higher in terms of bits on the wire."

"Greylisting" is being defeated by the bots. Legitimate mail servers comply with requests from other servers to wait a few seconds before sending anything. White-hat mail administrators use this fact as a defensive technique known as "greylisting." Spamming software used to immediately give up, moving on rather than pausing. The spammers have now hijacked so many computers that they can afford to obey wait requests, just like normal servers, Jennings explains.

Spammers have cracked major sources of e-mail addresses. To optimize one of their scams -- a "pump and dump" scheme that manipulates penny stocks -- the SpamThru hackers have reportedly broken into several databases of people who can trade equities. "I know of several occurrences of this with brokerages and financial websites recently," Jennings states, declining to name any. "It seems that some organizations aren't savvy to the risk of these subscriber databases being pilfered."

The numbers favor the spammers. The size that the bot networks have grown to is making them much harder to root out. The hackers behind the bots, Jennings says, "can send fewer messages per zombie, because the network is bigger, so they stay under the radar longer." Antispam blocklists have a harder time identifying and banning these individual PCs, which are the source of the spam.
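The greylisting finding above can be seen in a small model of the policy as it is commonly deployed: the first attempt from an unknown (client IP, sender, recipient) triplet gets a temporary 451 reply, and a retry after a minimum delay is accepted. This is an added example, not code from the column or from Ferris Research; the `Greylist` class, the delay values and the addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300        # seconds a new triplet must wait (assumed policy value)
MAX_AGE = 4 * 3600     # pending entries expire after this long (assumed)


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that retried correctly

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply code for a delivery attempt at time `now`."""
        key = (ip, sender.lower(), rcpt.lower())
        if key in self.passed:
            return 250
        seen = self.first_seen.get(key)
        if seen is None or now - seen > MAX_AGE:
            self.first_seen[key] = now   # unknown or expired: start the clock
            return 451
        if now - seen < MIN_DELAY:
            return 451                   # retried too early: keep deferring
        self.passed.add(key)
        return 250


def deliver(gl, ip, sender, rcpt, attempt_times):
    """Simulate a sender that tries at each listed time; True if accepted."""
    return any(gl.check(ip, sender, rcpt, t) == 250 for t in attempt_times)


def simulate():
    gl, rcpt = Greylist(), "user@example.org"   # constructed sample traffic
    return {
        # Older spamware: one attempt, never retries.
        "fire_and_forget": deliver(gl, "192.0.2.10", "a@example.net", rcpt, [0]),
        # Queueing mail server: retries after 15 minutes.
        "queueing_mta": deliver(gl, "198.51.100.5", "b@example.com", rcpt, [0, 900]),
        # Bot that obeys the deferral: same outcome as the server above.
        "patient_bot": deliver(gl, "203.0.113.77", "c@example.net", rcpt, [0, 600]),
        # Retry that comes back too soon stays deferred.
        "impatient_retry": deliver(gl, "192.0.2.44", "d@example.net", rcpt, [0, 30]),
    }


if __name__ == "__main__":
    print(simulate())
```

The policy only measures whether a sender retries, so once the bots wait like normal servers the filter has nothing left to separate them on; other signals have to carry the decision.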

Not everyone agrees with Ferris Research's point of view. Postini Inc., a major antispam service provider, for example, announced last month that spam rose 59 percent in the past two months and 120 percent compared with one year ago. Jennings explains that he trusts the statistics he gets from other sources, such as Commtouch and MessageLabs.

Say Thank-You While Spammers Steal From You

Whatever the actual statistics are, it's clear that spammers are making headway on their profitable activities. They may already have gained enough resources to defeat white-hat defenses permanently.

A notorious U.S.-based spammer, Jeremy Jaynes, was convicted of spamming by a Virginia court in November 2004 and sentenced to nine years in prison. (The decision was upheld in September and prosecutors are pressing for the jail time to begin immediately, according to antispam organization Spamhaus.) Testimony during the trial showed that Jaynes sent millions of spams a day, netting $350,000 to $700,000 a month after bandwidth charges, despite the fact that only 1 in 30,000 recipients purchased anything, according to Spamfo, an information site.

With that kind of money at stake, it's not hard to see why spammers are outstripping the ability of white hats to stop them.

Regarding the penny stocks that the SpamThru group likes to promote, researchers Jonathan Zittrain and Laura Frieder reported in July that a great deal of cash can be made. Spammers who buy such thinly traded stocks -- which they then promote in millions of spams -- can make 5.79 percent returns in a single day, the study found. The suckers who buy the touted stocks lose an average of approximately 5.5 percent within two days, before paying brokerage fees. Repeat that process over many weeks and you're talking real profits.

Ending the Scourge of Spam

A big part of the spam problem is the fact that the United States, unlike jurisdictions such as the European Union and Australia, has not made spamming a serious crime. The so-called Can-Spam Act, passed by Congress in 2003, actually makes sending spam perfectly legal, as long as it bears some street address and links to an unsubscribe process (which is bogus, in the case of most spam).

The Direct Marketing Association of the U.S., an association that claims 54 of the Fortune 100 as members, lobbied strongly in 2003 for such weak legislation. It's now obvious that the law is a failure.

Having a tough U.S. law wouldn't magically eliminate spam by itself. But trying to stop shadowy, profitable activities is almost impossible if they aren't illegal. Only the existence of a Virginia law with real teeth tripped up Jeremy Jaynes. A strong U.S. law could go a long way towards catching even more spammers.

About 66 percent of the 123 top spammers -- who reportedly send 80 percent of all spam worldwide -- are based in the U.S., according to a listing maintained by Spamhaus. And once spamming is recognized for the massive criminal operation that it is, it's not impossible for countries to apprehend violators, no matter what part of the world they may operate in.

In this instance, unfortunately, weak laws in the U.S. are allowing a bad problem to become much worse.

Time for an Executive Break

The Executive Tech column is off for the holidays from Dec. 19, 2006, through Jan. 9, 2007. The next installment will appear on Jan. 17, when the column switches to publication on Wednesdays. Have a joyous season.

Brian Livingston is the editor of and the co-author of Windows Vista Secrets and 10 other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.
