'Tis the season to send spam

The volume of junk e-mail is spiking--just as consumers gear up for holiday shopping.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
In addition to plenty of turkey, a record amount of spam will be served up this holiday season.

Mass e-mailers traditionally bump up their activity as the year winds down. But this year, the amount of junk messages could be unprecedented, companies that make spam-busting tools say. And senders of unsolicited ads are already celebrating the close of the harvest season and the approach of Christmas.

"Just as legitimate vendors began stocking their shelves with holiday decor and gifts before Halloween, spammers started sending spam messages tailored to the holiday gift-giving season earlier this year," said Stephen Pao, vice president of product management at Barracuda Networks, a Mountain View, Calif., maker of security appliances.

In October, 63 billion junk messages were sent daily, on average, compared with 31 billion a year ago, according to data from IronPort Systems. Another antispam specialist, MessageLabs, reports that 88.7 percent of all e-mail sent in October was unsolicited. That percentage is expected to rise to nearly 90 percent in November and December.

That could add up to a huge pile of unwanted e-mail. IronPort predicts that the number of spam messages will average 78 billion a day in December, up from 38 billion last year.

Internet service providers and antispam companies are working hard to fight this onslaught of spam. But it's a game of cat-and-mouse, and right now, the spammers are slipping away, experts said. "The antispam vendors are struggling," said Natalie Lambert, an analyst at Forrester Research. "The best vendors are able to stop about 98 percent of spam." That still leaves 2 percent that gets through, which is a lot with the current, increasing spam levels, she added.

Spam volume

There's a holiday spam spike every year, because people are more likely to open the messages, experts said. Consumers are shopping online more, are desperate for gift ideas and expect electronic greeting cards. Spammers exploit all of that by sending fake order confirmations and e-cards and, of course, suggesting their products as gifts.

"People sell fake Rolexes via spam e-mail, and fake Rolexes make good holiday gifts," Pao said. "We expect the amount of overall holiday-related spam to increase up to 50 percent during the week of Thanksgiving and continue through New Year's. It looks like this could turn out to be the largest, and longest, holiday spam season ever."

New tricks

There are a number of reasons for the rising tide of messages, experts say. For one, spammers are constantly looking for and finding new ways to reach unsuspecting people, said Miles Libbey, a product manager at Yahoo. "We continue to work tirelessly to make sure junk mail goes into the spam folder," he said. Yahoo, which operates one of the most popular free e-mail services, is using technology and collaborating with others to bust spam rings, Libbey said.

Technology advances are another driver. Spammers are using new tools to relay messages via networks of compromised, broadband-connected PCs called botnets. That means a lot of the messages in that glut are being sent via PCs owned by unsuspecting people, who are probably busy eating their turkey and ham while the e-mail is being sent out.

image spam

At the same time, the mass-mailers have found new ways to circumvent filters meant to weed out unwanted messages. It's a perfect storm for spammers, experts said.

"During October, we started to see unprecedented spam levels--much higher than we have seen in previous years. This seems to be on the back of a Trojan that is much more robust," said Mark Sunner, a chief technology officer at MessageLabs.

A lot of the messages are being delivered using the new Trojan horse, called "SpamThru", which surfaced recently, Sunner said. Such malicious software typically gets onto Windows PCs via malicious Web sites or as an e-mail attachment disguised as something the user might want--a screen saver, for example. It may also creep onto a PC unbeknownst to the owner by exploiting a security hole.

"The technique is referred to as a spam cannon," Sunner said. "In a traditional botnet, the bot herder would connect to the network and send out spam messages one-by-one, kind of like a pea shooter. By contrast, SpamThru works like a mail merge."

SpamThru is unique because it uses peer-to-peer technology to share information with other compromised PCs. That information includes details on the control server, spam templates and all the peers each compromised computer knows about, a researcher at security company SecureWorks said.

Volume by size

The Trojan horse appears to be the handiwork of Russian programmers, SecureWorks added. Researchers found evidence that about 73,000 computers in 166 countries are part of the SpamThru botnet, adding up to a mighty spam cannon.

Avoiding blocks

At the same time, junk e-mailers have gotten better at tricking filters, experts said. The latest techniques rely on e-mails that are simple text or that carry only an image. In the pure text messages, key words are often misspelled to throw off filters. The image-based junk is tough to sift out, because many spam filters can't see what's in the image.
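The two evasions described above, seen from the filter's side (an added example, not code from the article or from any vendor it names): tokens are normalised before keyword matching so that look-alike characters and small misspellings still match, and messages that carry an image but almost no text are flagged for separate handling. The keyword list, substitution map, thresholds and sample message are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed watch list (assumption); these keywords contain no doubled letters.
KEYWORDS = ("rolex", "replica", "pharmacy")
# Look-alike characters mapped back to the letters they imitate.
LOOKALIKES = str.maketrans("013457@$!|", "oleastasil")

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalise(token):
    """Trim edge punctuation, undo look-alikes, drop inserted symbols, collapse repeats."""
    token = token.strip(".,;:!?\"'()").lower().translate(LOOKALIKES)
    token = re.sub(r"[^a-z]", "", token)
    return re.sub(r"(.)\1+", r"\1", token)

def keyword_hits(text):
    """Return watch-list keywords matched after normalisation."""
    hits = set()
    for token in text.split():
        word = normalise(token)
        for kw in KEYWORDS:
            # Short keywords must match exactly; longer ones tolerate one edit.
            limit = 1 if len(kw) >= 6 else 0
            if edit_distance(word, kw) <= limit:
                hits.add(kw)
    return sorted(hits)

def image_only(raw_message, min_words=5):
    """True when a message has an image but fewer than min_words of visible text."""
    text, has_image = "", False
    for part in message_from_string(raw_message).walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            has_image = True
        elif ctype in ("text/plain", "text/html"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            has_image = has_image or "<img" in body.lower()
            text += re.sub(r"<[^>]+>", " ", body)
    return has_image and len(text.split()) < min_words

# Constructed sample: an HTML body that contains nothing but an inline image.
SAMPLE_IMAGE_SPAM = ("From: sender@example.com\nSubject: hello\nContent-Type: text/html\n\n"
                     '<html><body><img src="cid:offer.gif"></body></html>\n')
```

A message flagged by `image_only` still needs image analysis to be classified; the check only routes it away from a text-only filter that would otherwise see nothing to score.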

"Sophisticated spammers generally design and test their messages against the current spam definitions of popular spam filters," Pao said.

All that unsolicited e-mail eats up a lot of bandwidth and can clog e-mail servers, not to mention inboxes. Last month, all the spam sent worldwide added up to 819 terabytes per day in data, compared with 275 terabytes a year ago, according to IronPort's research.

"The problem is that spam filters, even very good ones, catch a certain percentage of the spam. Even if they catch 99 percent of the spam, 1 percent of a big number can still be a very big number (of e-mails that do make it through)," said Tom Gillis, senior vice president of worldwide marketing at IronPort in San Bruno, Calif.

The economic impact from time wasted deleting spam was estimated to be $21.6 billion in 2004, according to the National Technology Readiness Survey, an annual survey conducted by the Center for Excellence in Service at the University of Maryland's Robert H. Smith School of Business and Rockbridge Assoc.

"E-mail users are getting very frustrated, and ISPs and enterprises are paying for a lot of bandwidth," Forrester analyst Lambert said.

The continued increase in spam and the challenges of dealing with it suggest that Microsoft Chairman Bill Gates' prediction two years ago, that the spam problem would be solved by now, has not come true. "Spam is definitely a continuing problem," Lambert said.

Spam fighters haven't thrown in the towel. Companies such as Barracuda Networks, IronPort and MessageLabs are working to strengthen their spam filters. At the same time, e-mail service providers and Internet service providers such as Yahoo are trying to keep consumer in-boxes clean through technology and initiatives such as Sender ID and DomainKeys Identified Mail.

For now, though, it looks like people will be getting a lot of junk in the Christmas season.

"The amount of spam has been increasing over the past year--especially around the holidays. Really, it will only get worse," Lambert said.