Forgot your password?
typodupeerror
Botnet Security Spam IT

Malicious Spam Jumps To 3B Messages Per Day 211

Posted by kdawson
from the with-a-b dept.
Trailrunner7 writes "Last year saw a monstrous increase in the volume of malicious spam, according to a new report (PDF). In the second half of 2009, the number of spam messages sent per day skyrocketed from 600 million to three billion, according to new research. For some time now, spam has been accounting for 90 or more percent of all email messages. But the volume of spam had been relatively steady in the last couple of years. Now, the emergence of several large-scale botnets, including Zeus and Koobface, has led to an enormous spike in the volume of spam."
This discussion has been archived. No new comments can be posted.

Malicious Spam Jumps To 3B Messages Per Day

Comments Filter:
  • by Anonymous Coward on Tuesday February 16, 2010 @03:46PM (#31159178)

    What about delicious spam?

  • Oh really? (Score:5, Insightful)

    by B5_geek (638928) on Tuesday February 16, 2010 @03:51PM (#31159238)

    And I still see less then 1 per month in my Inbox.
    _THIS_ is the price I am willing to pay to allow Google to filter my email.

    • by 49152 (690909)

      I see about the same amount. Some times it goes months with no spam then I get two or three in a week. I reckon the spammers are constantly adjusting their techniques to try to get through the filters.

      We are a small company running our own email server. Ubuntu Server with Postfix, spamassasin and all the trimmings.

      I redirect all spam to an imap account I set up for the purpose, just in case we need to get hold of some blocked message. The last two years this has not been necessary. But I browse through this

    • Re: (Score:3, Insightful)

      by Jugalator (259273)

      And I still see less then 1 per month in my Inbox.
      _THIS_ is the price I am willing to pay to allow Google to filter my email.

      Hear, hear. I was very surprised when I recently checked my spam volume. That is, in my Gmail *spam* box, not inbox. The inbox is usually clear of it, but the surprising part was that I had around a third to a fourth of my former spam volume a few years ago! I used to have to have 1.5 pages of spam per day before, now you have around 0.5 pages of daily spam in the spambox.

      I'm not sure what Google did if this article is true... Maybe they are so sure of that it's spam, that it doesn't even end up in the spam

      • by rtaylor (70602)

        Maybe they are so sure of that it's spam, that it doesn't even end up in the spam box?

        That's it. Most spam is rejected without telling you about it, possibly even before it gets delivered to the mail server. The spam folder gets the questionable stuff.

      • by msclrhd (1211086)

        I like Gmail for many reasons, one of which is their awesome spam filter. I get only one or two mis-categorised email every couple of weeks, the rest goes to the spam box. Couple that with the coloured labels & filters, and spam/not spam is very easy to identify.

        Hotmail on the other hand is terrible. Ages ago when I was using Hotmail, I ended up with the majority of my inbox being spam so I gave up and tried Gmail. I don't know how good Hotmail is at the moment (or others like YahooMail).

    • by oodaloop (1229816)
      Your sig is deliciously ironic, no?
    • Re: (Score:3, Interesting)

      by squisher (212661)

      And I still see less then 1 per month in my Inbox.
      _THIS_ is the price I am willing to pay to allow Google to filter my email.

      I do agree that gmail's spam filter does not let much through, in truth, it is way too aggressive. Are you subscribed to mailing lists? Often it'll just tag some random message as spam. I've had various things end up in spam over the years, and really wonder how many landed in there that I never noticed (who checks their spam folder every couple of days?).

      Recently I got very upset because I tried to sell something on craigslist, and sure enough, an offer ended up in spam. Of course I didn't check until a co

      • Do you set filters for them? I believe that human defined filters (like tagging all mail with the mailing list name in the subject to a specific tag) trumps the spam filter.

      • by Hittman (81760)

        It happens from time to time, which is why you have to check your spam folder from time to time. Usually simply marking it as "not spam" solves the problem. Even with a few pages of spam that shouldn't take you more than a minute or so.

        Perfection doesn't exist in this area, but Google comes pretty close.

      • by vegiVamp (518171)

        I check mine daily. It's just part of my routine, and because I know it's mostly spam in there, a quick subject scan usually suffices to confirm there's nothing unusual and I can click delete-all.

        A lot of spam seems to come in batches, btw, there's often four, five times almost identical subjects.

    • Seriously. (Score:5, Interesting)

      by aussersterne (212916) on Tuesday February 16, 2010 @04:42PM (#31159854) Homepage

      SPAM was the absolute bane of my existence (I have several very public email addresses that have to remain that way) until the day I finally (at at the time reluctantly) decided to run all of my mail through Gmail accounts, without exception. I had used block lists, several ISP-based filters, spamassassin post-POP3 on my own local net, and a bunch of filters, and it was eating hours a day of attending to SPAM (new filters, fixing filters, marking as spam, marking as ham) and so many CPU cycles that a dedicated box couldn't keep up. Not to mention that due to the processing overhead of all that filtering, when someone did send me a message and told me so, I'd have to tell them "I'll get it in ten to fifteen minutes." And all for a few (three, really) email queues that belong to one person and a couple assistants?

      Now I forget that SPAM exists, and my email comes in more or less instantly.

      For a decade now, Google has more or less singlehandedly kept the internet usable.

    • _THIS_ is the price I am willing to pay to allow Google to filter my email.

      Then you're a fool. Use a personal Bayesian filter, and you'll get that same kind of accuracy without the privacy pricetag. You can find a bunch of them on freshmeat.

      • by cgenman (325138)

        I never had a personal Bayesian filter get the same accuracy as a large, managed online box. At the provider level, the system can know if 200 other people received the same message. Other users help train the spam filter for you before they get to your inbox. The orbs blacklist can be kept up-to-date more quickly on a managed host.

        Bayesian filters, on the other hand, take a lot of user interaction and constant oversight. I've had a few mailing-list style mails fall into Google's trap, but the Bayesian

    • by antdude (79039)

      What about your spam folder?

  • Want to See Spam? (Score:3, Interesting)

    by Petersko (564140) on Tuesday February 16, 2010 @03:51PM (#31159240)
    Subscribe to one free daily naked chick mailing list. Imagine how much of that spam is about porn! There are probably more porn emails sent out every week than there are people on the planet.

    I keep three email accounts. One I give out for things - registrations, contests, all that stuff. One I give out to friends and family. The third just quietly sits there empty. I check it periodically anyway and it makes me happy when no mail is found.
    • I check it periodically anyway and it makes me happy when no mail is found.

      I check my toothbrush holder periodically and it makes me happy when no mail is found in it. Assuming you brush your teeth every day, you should try it - it is quicker than checking an email account.

    • I have my own domain. I have only 4 "real" accounts and give a different account for everyone that needs an email address. My catch-all account sees all the stuff, and I trust SpamAssassin results. Very very little spam gets to me, and when it does I know which company gave out my email address.

      Cheap and easy to setup, and I don't rely on any third party's free email services (which seem to come with their own supplies of spam and losses of privacy).
      • I used to have my main e-mail account be catch-all but quickly discovered spammers like guessing random addresses at any registered domain so I turned it off.
        • Re:Want to See Spam? (Score:4, Interesting)

          by sopssa (1498795) * <sopssa@email.com> on Tuesday February 16, 2010 @04:19PM (#31159564) Journal

          That's why its best to use the middle way. Have own domain and some way to quickly create a new address on it (even if they all go to same mailbox). Always use a new address for different sites and purposes. That way if one of them starts to get problems with spam, you know who sold your address and can easily disable it.

          • by svallarian (43156)

            this works too..

            yourname+slashdot.yourdomain.com

            this even works with gmail!

            • by MobyDisk (75490)

              Yeah, but that trick is so common I can't imagine spammers haven't figured out how to chop off everything after the + sign and get to your main account.

            • Yes, 'cause spammers don't know how to write 's/\+.+?@//' in their apps.

              I personally use Mailinator.com for all my throw away registrations.

            • I'm curious, how does this work with Gmail? Are you creating a new gmail account for each site and re-directing them to the same ultimate mailbox?

              • by Tacvek (948259)

                No, for Gmail, if a mail is revived with a plus in the name, the address is stripped at the plus to determine the account in which to deposit the message.

          • by gilgongo (57446)

            That's why its best to use the middle way. Have own domain and some way to quickly create a new address on it (even if they all go to same mailbox). Always use a new address for different sites and purposes. That way if one of them starts to get problems with spam, you know who sold your address and can easily disable it.

            Yeah - trouble with that is you then get wildcard spam. Once the bots realise your mail server will accept anything on your domain - boosh - 10,000% permanent increase. This means that disabling one address reduces the onslaughts by an amount vanishingly close to zero.

            • by sopssa (1498795) *

              That's why I said middle way (between the parent posters). Don't accept mail to just any account, but create them as you need to, and disable if some of them starts to get spam. If you ever need the same account name again (for example to use some sites forgotten password function), just temporary re-enable it.

      • I have my own domain, too. I also have an ISP that's funny about ports. Sure, I could drop them for such restrictions. But my other choice is dial-up.
    • "I keep three email accounts....."

      My "third email" is a gmail and is for my one weakness in life: big breast websites(subscription based).

      Oddly, I get no spam. I do get the odd newsletter and update "notices". What I also get is the occassional promotion from old sites I subscribed to, which I do like to get.

      How Gmail manages to work out what I want and do not want, and gets it right is either very clever or very chilling.
  • 3 billion spam is a drop in the bucket of the daily spam volumes seen worldwide, there has not been a global increase of spam volumes in the last year of that magnitude (Or really much at all).
  • Ya know (Score:2, Interesting)

    by Stan92057 (737634)
    Ya know,until they start going after the people who hire the spammers nothing is going to change. Some businessperson is responsible for our spam not the spammer. Where and how is this Viagra getting into our country?Where are all the watches being made? and so on. Someone is paying theses spammers,get them. PS: Yes i know its not easy to catch them,but if we can send and control robots from earth on mars it CAN be done.
    • by shentino (1139071)

      out of country companies that hire spammers can rightly tell the USA to go screw themselves. And if that country happens to not like the US, it gets even harder.

      Spammers don't give a shit about following the law. Hell they're brazen enough to DDOS the shit out of Blue Security. Face it, they aren't just annoying. They are vicious crooks, almost as bad as mafiosi and probably wouldn't hesitate to kill if they wanted to.

      The only way to protect US citizens from spam sent from outside the country (or inside

  • by Anonymous Coward on Tuesday February 16, 2010 @04:35PM (#31159772)

    Am I the only one who read this headline and thought, "59 messages a day isn't so bad?"

  • by damn_registrars (1103043) <damn.registrars@gmail.com> on Tuesday February 16, 2010 @04:51PM (#31159994) Homepage Journal
    Yeah, we can see how much of a wonderful difference all those filtering programs that are on the market today are doing for the worldwide spamming problem. That is, no difference.

    If you want to do something about the spamming problem, start looking beyond your own nose. Stop adjusting your filtering rules constantly. Pay attention to the cause of the problem - spam is an economic problem. Until something is done about the profit-motive (and the insane margins of profit) behind spam, the problem will only continue to grow.
    • by Dmala (752610)

      If you want to do something about the spamming problem, start looking beyond your own nose. Stop adjusting your filtering rules constantly. Pay attention to the cause of the problem - spam is an economic problem. Until something is done about the profit-motive (and the insane margins of profit) behind spam, the problem will only continue to grow.

      Two problems with this idea. First, the people who actually buy stuff from spam can be difficult to identify. I think many of them know deep down that they are doing something exquisitely stupid and will deny it if asked. Second, even if we can identify these spam patrons, it is quite illegal in most places to bash their empty skulls in with a baseball bat. Barring some significant changes in legislation, I just don't see how the problem can be tackled from this end.

      • If you want to do something about the spamming problem, start looking beyond your own nose. Stop adjusting your filtering rules constantly. Pay attention to the cause of the problem - spam is an economic problem. Until something is done about the profit-motive (and the insane margins of profit) behind spam, the problem will only continue to grow.

        Two problems with this idea. First, the people who actually buy stuff from spam can be difficult to identify. I think many of them know deep down that they are doing something exquisitely stupid and will deny it if asked

        I apologize if I was overly vague, but that is generally the opposite direction from where I would go. Indeed I expected that most people by now would have given up on the noble (but impractical) aim of "educate every internet user to not buy spamvertised products", hence I advocate instead working to make it more difficult for the spammers themselves to turn a profit. Currently the system unfortunately is doing exactly the opposite of that and making it exceedingly easy for spammers to turn a profit. T

        • by swillden (191260)
          How do you tell the difference between a spamvertiser and a joe job?
          • How do you tell the difference between a spamvertiser and a joe job?

            That is an excellent question. If one were to presume that there is no (or next to no) overlap between the two sets, then you can identify the difference based on the registration of the domain. Often a great number of spamvertised domains are all resolved by a very short list of DNS servers, which is why I advocate looking at the spamvertised domains as well as the domains that resolve and register them. If you follow that reasoning, you could also differentiate spamvertised domains from legitimate dom

    • by miracle69 (34841)

      It's not an economic problem because there is little profit in spam from a legitimate business. If there were, they wouldn't require the use of botnets to steal other peoples resources. The spammer can only profit because their overhead is being spread to unsuspecting users on a global scale.

  • - Monty Python

    "Have you got anything without spam?"
    "Well, there's SPAM, egg, sausage, and SPAM; that's not got much SPAM in it."

    Therefore all SPAM should have eggs and sausage in it.

  • The Viagra spams seem to be dominating my filter now. They don't even mangle the spelling any more! They just change the percent discount from spam-to-spam. Perhaps they change other things too but I don't know because I just "check all, delete". The rise in Viagra spam (no puns intended anywhere in this post) seems to have started about a month ago.

    If Viagra spam isn't considered malicious, then I can't say I've noticed any increase in spam. Maybe they have malicious code attached; but like I said I do

  • by LordArgon (1683588) on Tuesday February 16, 2010 @06:10PM (#31161044)

    Given the estimation that 90% of e-mail was spam *before* a five-fold daily increase, why aren't more people/companies clamoring for a complete e-mail re-architecture? Improved filtering and new spam laws are just symptomatic fixes - the entire way we do e-mail needs to change.

    The resources wasted and stolen by spam are staggering. Eventually the economic and political incentive to adopt better e-mail protocols has to kick in; I'm just surprised it hasn't yet.

  • by TheNarrator (200498) on Tuesday February 16, 2010 @06:53PM (#31161610)

    I have a domain name that I do mail forwarding for. Some botnet owner decided it was worth finding emails to spam to on this domain. So now every single day, 24/7 365 days a year, once or twice a minute I get an attempt to send an email to fsdfs34@mydomain.com where fsdfs34 gets replaced with every possible email conceivable. At first I decided to add an ip blocker for anyone who spammed me, but it soon slowed down my mail server so much that I had to take it out once the list grew into the 10s of thousands of ips.

    Now I just greylist and tightly check EHELOs which seems to keep any of the spam from getting anywhere. Nevertheless, the attempts come relentlessly and continuously like clockwork form ips all over the world.

The trouble with opportunity is that it always comes disguised as hard work. -- Herbert V. Prochnow

Working...