The trick was noted on several security lists, as the number of junk e-mail messages sporting digital signatures has apparently increased. Digital signatures are used in e-mail to attest to the validity and integrity of an e-mail message;
Get Up to Speed on...
Get the latest headlines and
company-specific news in our
expanded GUTS section.
The new spam tactic was likely introduced to fool a popular open-source e-mail filtering program known as SpamAssassin, said Rand Wacker, director of product strategy and planning for e-mail software maker Sendmail. Wacker said the openness of the program's development allows spammers to develop tricks to fool the software.
"Since SpamAssassin is built in a very transparent way in how it does its filtering, we see a lot of spam that is directly targeted at getting past SpamAssassin," Wacker said. Sendmail's own spam program, Mailstream, wouldn't be fooled by the technique because it doesn't give better scores to signed e-mail messages. Filters frequently use a scoring system to evaluate whether a particular message is spam or legitimate.
The attack on the software's filtering process highlights the dangers of open-source projects, but it also reinforces the ability of projects with active development teams to quickly respond to such security holes.
Security experts frequently dismiss the, saying that such "security through obscurity" does not work. Although open-source software errors are easier to find, it generally means that . Jim Allchin, Microsoft's senior vice president for Windows, admitted in testimony during the Microsoft trial that switching Windows from a closed-source to an open-source development process would .
For SpamAssassin, the signature problem only affects the 2.5 series of the software. The trick will increase the amount of spam that gets through mail gateways that use versions prior to 2.60 of the program, said a developer.
"Older versions of SpamAssassin had a rule which would (make it more likely an e-mail would pass), if it found something that looked like a PGP signature in the message," Theo Van Dinter, lead developer for the open-source SpamAssassin project, said in an e-mail to CNET News.com. Van Dinter said such rules had been removed from the latest versions of the program. "So if spammers are actually trying to forge that rule, it doesn't do them any good on a properly updated machine," he said.
Spam has become. Unsolicited bulk e-mail ; some reports put the ratio as high as 1-in-2. Some spammers apparently are resorting to spreading viruses as well: Many security experts believe that the .
Such tricks, and the fact that bulk e-mail volume is increasing to offset lower success rates, show that spammers are trying hard to beat new defenses, said Justin Mason, senior antispam software engineer for security company Network Associates. The company's own e-mail filter software, Spam Killer, is based on SpamAssassin, but it has been changed enough to foil signed junk e-mail; Network Associates.
"A lot of their tricks don't work that well," Mason said. "There is quite a lot of desperation really."