Despite sophistication in ISP e-mail delivery policies and developments by malware services firms, this past year saw spam hit an all time high. According to spam detection services firm Symantec, which monitors more than 450 million inboxes worldwide, spam grew to more than 70% of overall e-mail traffic in 2007.
The reason for this growth is twofold, according to Ross Fubini, senior director of engineering at Symantec.
“There is a lot more money to be made on spam attacks, and spammers are getting more sophisticated,” he said. “Pump-and-dump stock scams — spam that encourages recipients to buy inflated penny stocks at cheap rates, after which spammers sell the stock to profit and then drop the value of the stock — are very profitable.”
As e-mail marketers themselves are embracing new technologies, so are criminals. According to malware detection firm IronPost, spam has become less focused on selling products and more focused on growing spam networks.
“Earlier versions of spam attacks were primarily selling some type of product such as pharmaceuticals or low interest mortgages,” said Jon Orbeton, strategic product marketing manager at IronPort. “Today’s spam includes an increasing amount of links that point to Web sites distributing malware. This malware is often designed to further extend the size and scale of the bot network that originated the spam in the first place.”
Botnet spam messages are sent out from a host computer, or zombie. These computers can host these botnets for months before being triggered to send spam, usually millions of messages in a very short period of time. This makes them difficult to track and shut down.
While image spam has all but gone away this fall, spammers are sending more complicated attachment spam, including PDF spam. Adding to this, according to Symantec’s November State of Spam report, October saw the emergence of mp3 spam. These types of spam attach files containing infected code.
For e-mail marketers, this is an issue affecting the legitimacy of the channel. Ironport estimates that there are more than 120 billion spam messages daily, or about 20 spam messages per day for every person on the planet. This means that the average consumer spends five to 10 minutes a day dealing with spam, which could be spent reading legitimate marketing messages.
Worse yet, it could mean that consumers are getting locked out. Last week, Google’s Gmail experienced a false positive issue, in which the online giant tried to block spammers from using its platform to send malicious e-mail and instead stopped a number of legitimate consumers from logging on. It was fixed after a few days, but the as the spam problem escalates, so does the aggravation of not getting timely messages sent to consumers.
As 2008 rounds the corner, spam will only become more sophisticated.
“I think we will see an evolution of different attachment types in spam,” Fubini predicted. “Attacks are also being targeted to real events, like the subprime mortgage market. I expect to see more of these attacks, as well as seeing spam move into social networks, IM and SMS.”