Mad Dog 21/21: Greetings Season
December 18, 2006 Hesh Wiener
When it comes to getting mail, the best thing that happens this time of year is the arrival of Christmas cards. It’s nice to hear from people who, without the greeting card tradition, might not get in touch at all. The same can’t be said about e-mail, particularly this year. Any electronic greetings you receive will be grains in a mountain of spam chaff. This year’s spam mountain is likely to be the biggest ever. When the holiday season ends, the spam will not stop; if anything, it’s likely to increase. And there’s worse to come.
The number of spam messages is not only growing, but the messages themselves are becoming more effective. Spammers have become pretty adept at outfoxing the filtering technology in e-mail systems’ firewalls and e-mail servers’ spam detection engines. There are a number of reasons for this. The spammers have guessed, with unfortunate accuracy, that popular anti-spam hardware and software used by most recipients cannot or will not keep up. To a significant extent, this failure to keep up with the problem is not inevitable. Basically, while the spammers are going to remain inventive, their spam will always be subject to filtering because it has a lot in common with Christmas cards.
Henry Cole, sometimes called Old King Cole, was one of Victorian England’s great modernizers. He brought the British postal system to a very high state of organization and efficiency. He helped establish the National Archives. He founded some wonderful museums and educational institutions. And in 1843, he invented the Christmas card.
Cole’s Christmas card concept was simple enough. He had a long list of people he wanted to greet during the holiday season, and a longer list of other things he had to do. The answer was to send a printed card to everyone, adding only a signature and possibly a very brief note to each. As we all know, Cole’s idea really caught on.
Spammers want to do the same thing. They have some kind of message to get out, they want to send it to a long list of people, and they have lots of other things to do with their time. So they take a standard message, personalize it only enough to make it more difficult for filtering software to spot, and send it off.
People who want to block spam have to take advantage of this basic characteristic of the stuff and then either delete the messages or file them for later review. The filing option provides a safety net, one that can be pretty important. Spam filters can erroneously classify legitimate e-mail as spam, and until they are forced to do otherwise, become as unjustifiably confident in their decision as a politician holding out against a critic. That’s why spam filtering systems include whitelists and, often, procedures to make the software more discerning.
Nevertheless, spammers pay a lot of attention to the way legitimate e-mail looks, and that helps them disguise their unwanted messages as proper business communications.
The best current example of this is the use of graphics rather than text to get the spam message across. The graphic in a spam might look like a corporate logo or another informational image to filtering software and thereby escape detection. As long as there are lots of legit e-mails bearing images, some spam filters (and possibly most of them) can be fooled. This is the case even though one of the most widely used types of image spam uses techniques that have a distinctive aspect, a characteristic that filters can be trained to detect.
The two most abundant image spams this season are pill peddling messages and stock tout e-mails. In both cases, the spammers will tuck the image into an e-mail because if they use the alternative method for including an image within a message, using a link to an image on a server, the linked image can be detected and blocked. Businesses that send out lots of e-mail with images generally use the link method, not only because it gives them control over the image, but also because it makes the e-mail smaller and therefore cheaper to send.
Another trick used by lots of spammers is to send from dispersed locations using computers that have been invaded by malware that turns them into spamming engines. A single PC sitting on a broadband line can send out a lot of e-mails in a short time. Nobody really knows how many computers have been turned into spam robots, but the number is probably in the thousands and possibly in the tens of thousands. Security software can catch this spamming malware and clean up a zombie computer, but not all computers have security software that is up to date and that regularly scans machines in case something bad got by before the software’s definitions got updated to catch the latest nasties.
The use of zombie machines makes it difficult for spam blocking technology to pinpoint the source of unwanted messages, although to some extent it is possible to assign a probability to spam based on the country where the sending system’s IP is located. That probability can tip the scales in favor of spam and be combined with other measures of a message’s legitimacy when the spam versus ham decision has to be made.
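The sketch below is an added example, not code from the column or from any product it mentions. It shows how a sender-country probability can be combined with one other measure, the embedded-versus-linked image distinction described above, with a whitelist bypass and quarantine in place of deletion. The country codes, addresses, probabilities and threshold are all assumed values.

```python
from email import message_from_string
from email.utils import parseaddr

# All names, numbers and sample messages below are constructed for illustration.
COUNTRY_SPAM_PROB = {"AA": 0.90, "BB": 0.30}  # placeholder country codes
P_EMBEDDED_IMAGE = 0.85  # image carried inside the message, almost no text
P_OTHERWISE = 0.40       # linked image or no image
WHITELIST = {"billing@partner.example"}
THRESHOLD = 0.90

EMBEDDED = """From: deals@bulk.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hi
--b1
Content-Type: image/gif
Content-Transfer-Encoding: base64

R0lGODlhAQABAAAAACw=
--b1--
"""
LINKED = """From: news@shop.example
Content-Type: text/html

<p>Winter catalogue</p><img src="http://img.shop.example/logo.gif">
"""

def embedded_image_low_text(msg, max_text_chars=40):
    images = text_len = 0
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            images += 1          # image travels inside the message itself
        elif part.get_content_type() == "text/plain":
            text_len += len(part.get_payload().strip())
    return images > 0 and text_len <= max_text_chars

def classify(raw, sender_country):
    """Return (action, p_spam); spam is quarantined for review, never deleted."""
    msg = message_from_string(raw)
    if parseaddr(msg.get("From", ""))[1].lower() in WHITELIST:
        return "deliver", 0.0
    p_country = COUNTRY_SPAM_PROB.get(sender_country, 0.50)
    p_image = P_EMBEDDED_IMAGE if embedded_image_low_text(msg) else P_OTHERWISE
    # Treat the indicators as independent and multiply their odds (even prior).
    combined = (p_country / (1 - p_country)) * (p_image / (1 - p_image))
    p_spam = combined / (1.0 + combined)
    return ("quarantine" if p_spam >= THRESHOLD else "deliver"), round(p_spam, 3)
```

With these assumed numbers, the country probability alone does not push the linked-image message over the threshold; it only tips the decision when the embedded-image signal is also present.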
The zombie problem could become a lot worse during the next few years because well-intentioned technology zealots at MIT behind the One Laptop Per Child project want to make PCs widely available to the poor at a cost of one or two hundred bucks a machine. These cheap PCs might not include security software, but they might be capable of using wireless or wired broadband. The combination could be deadly, unless the people who are trying to steer the cheap PC movement deal with spam and malware the way we treat communicable diseases. If the cheap PC advocates who have become media darlings don’t stop basking in their glory and take a broader view of their social responsibilities, they will end up looking like the companies that sell powdered baby formula in the third world where it becomes diluted so much it’s deadly, not healthy.
We’re more optimistic about the prospects for a safe, cheap PC than for changes in the law that would make Viagra an over-the-counter medicine and thereby cut the pill racket off at its source. But we doubt that safe, cheap PCs would stop spamming; at best they would add a barrier to one potential source of spam volume growth. Also, making cheap PCs safe would save advocates of the devices from ignominy they really don’t deserve.
Some of the patterns that characterize spam these days are likely to be self-limiting. Quite a lot of spam originates in China, Russia, other Eastern European countries, as well as Latin America. In other words, it comes from places where there is less accountability than in wealthier civilizations. All these less privileged parts of the world are striving to catch up with richer nations, and that will ultimately lead to higher accountability standards among computer users. But for now, plenty of organizations seeking to block spam routinely classify all e-mails from spammer nations as spam and then relent on a sender-by-sender basis using whitelists. Legitimate parties in these quarantined regions no more resemble actual spammers than the Old King Cole of Victorian England resembles the real Old King Cole (alternatively Coel), of Roman Wales or maybe Roman Northern England or possibly Southern Scotland.
The identity of the original Old King Cole, the one in the nursery rhyme, is a matter of dispute among historians, but the odds are he was Cole Hen, which apparently means Cole the Old in Old Welsh, a fellow who might have been around in the years 350 to 420. During his lifetime, the Romans were busy cutting and running as their empire declined, so he might have begun his career as a Roman duke and ended it as a spinoff boss of his own realm. There are a few other ancient big shots with the name Cole, and it’s possible any of them as well as later figures who were merchant kings, not political kings, inspired the children’s poem. Whatever the facts of the matter, the myth and the rhyme form the basis of an excellent Maxfield Parrish painting that graces what may be the most elegant bar in all of New York, at the St Regis Hotel. If you go there, order a Red Snapper; it’s the best Bloody Mary you’ll ever have.
The e-mail security specialists who fight spam and malware probably don’t have time for a leisurely drink at the King Cole Bar. They are up against greed and lust, and not just the greed and lust of the spammers. They have to battle the greed and lust of the people using the Internet, and that’s an endless fight.
The high volume spam, the stuff that keeps coming at you because, obviously, it makes money for the spammers, includes a few kinds of spam in addition to pill pushing and stock touting. It includes a lot of promotion for salacious material, some of it impressively obscene. It also touts purported sources of credit, particularly credit related to housing, stuff from outfits that say they will happily lend you a million bucks for a third mortgage on your outhouse even if you happen to be in debtors’ prison. There are also a lot of spams with a consumer product theme, principally the kind that offer you gift certificates under various conditions and the kind that start by asking your opinion on some topic.
An additional kind of spam that’s particularly dangerous is the scam spam, and two kinds stand out. One is the 419 type (named after a section of the Nigerian criminal code that makes this sort of thing non-kosher) offering a ton of money if only you’ll help some unfortunate soul recover funds properly or improperly in the hands of a third party but rightfully, according to the message, the property of the person who begs your kind assistance. The other hot one is the phishing scam spam, in which you are warned that your credit card or bank account at the Last National Bank is about to be deep-sixed if you don’t confirm your identity right away.
If you find these scams so easy to spot they make you laugh rather than react, count yourself lucky. After years of experience, the people who send these spams are still at it. Somehow, somewhere, they are coming out well ahead.
All these spams are actually easier to detect and trap than most people realize. Sure, it takes a little work and money. Also, spam trapping is a process, not a one-shot cure, so it takes devotion and persistence. But it is perfectly reasonable to support systems and procedures that catch all but one or two percent of the stuff and also provide a clear path for valid e-mails.
Keep your hopes up and have a Happy New Year, in which we will make our best effort to make this organ of the press bigger, stronger, and more pleasing. So to speak.