 Sponsors |
|
 |
Be Visable
Register your webpage
on our directory FREE |
| Namibian Information |
|
|
|
|
Main Menu
|
|
|
|
|
|
|
|
|
|
|
|
Wednesday, December 19, 2007 - 02:52 PM, (325 Reads)
|
In the Internet's age of innocence, just a few short years ago, Spam was just a nuisance: mostly it was trying to sell something and most of it came from people simply exploiting the ability of the Internet to deliver millions of messages from their computer at minimal cost. Spam today is a much more sinister and dangerous beast and something has to be done to contain it.
.
Internet security specialist IronPort Systems, now a Cisco business unit, earlier this month issued a report on spam, viruses and malware, highlighting trends for 2007 and predictions for 2008 . It makes disturbing reading.
"Spam volume increased 100 percent, to more than 120 billion spam messages daily worldwide...about 20 spam messages per day for every man, woman and child on the planet," it said. And that was the least of the problem. "Spam has become more dangerous. Earlier versions of spam attacks were primarily selling some type of product. In 2007, more than 83 percent of spam contained a URL to a rogue Web server that was frequently serving malware. In accordance with a trend towards the blending of different malware techniques, URL-based viruses increased 256 percent."
2007, according to IronPort, was the year of spam attachments. "Spammers conducted trials of more than 20 different file attachment types to determine which had the best success rates. Rapid onset spam attacks became commonplace, with outbreaks spiking in volume very quickly and anti-spam companies scrambling to adapt. This left little reaction time, and many anti-spam customers found themselves re-evaluating anti-spam products that could not adapt."
And this spam is really dangerous stuff. "Many of the most malicious attacks start as a seemingly innocuous spam message with nothing more than a few words of text and a single URL. These messages often slip past traditional spam engines that are looking for keywords, or for graphics touting the latest stock spam. When they land in the recipient's inbox they have made it to the most sensitive part of the corporate network. All it takes is one errant click of the mouse and the payload is downloaded - providing full access to the user's computer, and possibly the internal network."
If that news wasn't bad enough, the outlook is even worse. "Spam volumes will continue to grow without limit. The underlying economics support this and it has profound implications for the anti-spam industry. As spam volumes grow, spam filters must increase their catch rates."
It's also likely that 2008 will see an even greater increase in spam volumes than 2007 because the spammers spent most of 2007 just getting into their stride. "2007 has been a year of trial and refinement for spammers. While the first half of the year did not bring a remarkable increase in the number of spam messages sent, spammers showed incredible persistence in testing and refining their attacks.
"Now that they have found significant weaknesses in the way that many spam engines handle URL-only messages, there will be an explosion on the order of the three-fold image spam increase seen in 2006. In fact, the past few months have already seen considerable uptick in worldwide spam volume. This trend is expected to continue through the holiday season, making the total amount of spam sent in 2007 larger than possibly all email sent in total since the medium was invented."
IronPort's recommendations as to how to combat this are entirely defensive. This is perhaps not surprising their focus is on providing network security technologies and services to enterprise and government end users. But for how long can this continue? IronPort notes that "The escalating investment required to [provide protection against spam] will drive consolidation of the anti-spam industry, as only a small number of vendors will have the resources to stay ahead of spam."
But what about the users? Protecting against spam is not core business. The expense provides no direct return on investment and is something the poor old IT manager has to justify largely by invoking the fear factor. "If we don't spend this money the whole IT infrastructure could collapse."
Added to that is the traffic load that spam puts on the Internet. Web monitoring company Pingdom measured the sizes of spam messages hitting its own server to calculate that the daily load of 120 billion spam messages quoted by IronPort represents traffic t of 512 terabytes a day.
The time is clearly long overdue for some concerted action by th world's governments to kill spam at source. The OECD thinks so too. Back in April 2006 I reported on iTWire that: "the OECD has urged governments and industry to adopt a more co-ordinated approach to battling spam, saying it has become damaging and costly for business and a regular weapon in the arsenal of cyber criminals."
What the OECD had done was to launch an Anti-Spam Toolkit, available online at www.oecd-antispam.org, that "gives policymakers a comprehensive package of concrete regulatory approaches, technical solutions, and industry initiatives to fight spam". That's a good start but goes nowhere near far enough.
There is now a global initiative against spam at Government level, the StopSpamAlliance , a joint international effort initiated by APEC, the EU's CNSA, ITU, the London Action Plan, OECD and the Seoul-Melbourne Anti-Spam group (formed by Australia's ACMA and its Korean Counterpart and one of the first inter-government anti-spam initiative). Five associate partners joined in 2007; the Asia-Pacific Telecommunity (APT), the Messaging Anti-Abuse Working Group (MAAWG), the Internet Society (ISOC), the Asia Pacific Coalition Against Unsolicited Commercial Email (APCAUCE), and CAUCE North America.
The objective of the StopSpamAlliance is "to help co-ordinate international action against spam and related threats more effectively by gathering information and resources improving information sharing among participating entities." The StopSpamAlliance website provides links to initiatives in anti-spam legislation and enforcement activities, consumer and business education, best practices, and international cooperation.
This is another good initiative but nowhere near enough. Judging by its website the alliance operates on a shoe-string budget. And appears to have no identifiable face, and no contact point.
I have not been able to find any assessment of the global economic impact of spam that factors in the cost of carrying it, of guarding against it and of the damage caused by its increasingly malicious intent. All the evidence, however, would suggest that this is now very significant and surely these latest comments form IronPort indicate that the time is long over due for much greater commitment by governments to stamping out spam at source.
There is a quote on the cover of the IronPort report, from the Pew Internet and American Life Project. "Spam…continues to degrade the integrity of email. Some 55 percent of email users say they have lost trust in email because of spam."
Unless something is done and done soon that figure is likely to be 80 or 90 percent.
Email to a friend  | Print this article  |
|
|
|
|
|
|
| OASYS Namibia (PTY) Ltd |
|
|
P.O.Box 2526
18 Strand Street
Swakopmund
Namibia
Tel:+264 64 405040
Fax:+264 64 405080
|
| African Countries |
|
|
|
| Login |
|
|
|
|
| Favourite FAQ |
|
|
|
|
|
