6:10 am (UTC-7) | by Gedrick Lacson (Anti-spam Research Engineer)
Recently our CTO, Raimund Genes, talked about how spam was still a problem today, even if users “know not to click on them”:
Let’s talk about what spam is, why it’s still a problem today, and what Trend Micro is doing to help solve this threat.
Spam is what we call unsolicited e-mail message sent in bulk. They come in different types, namely:
- Adult/Sexual: Pornographic content, sexual enhancers, online dating
- Commercial: Selling products/services, web hosting, OEM
- Education/Degree: Online degree offers
- Financial: Bank loans, financial counseling, mortgage/debt reduction, credit card offers
- Health: Online pharmacy, herbal, drugs
- Others: Malware-related, phishing messages, racial
- Scam: Lottery, money mules, job offers
- Spiritual: Religious
- Stock: Stock promotion, pump and dump campaigns
Some of these e-mail messages are just meant to advertise their wares by flooding users’ inboxes. However, some of them can also cause real problems for their recipients. Some spammed messages are used for phishing attacks and spreading malware, which allows the attacker to collect sensitive information (such as bank accounts, credit card numbers, passwords) or even use the infected system for their crimes.
Why am I still getting spam if everyone knows not to click on it?
It’s not exactly true that everyone knows not to click on spam. Unfortunately, not everyone on the Internet can be described as tech-savvy – many users still click on links in spam messages. Spammers use different techniques to fool their victims. These techniques include spoofing the sender of mail, posing as a legitimate newsletter or website, and using enticing words such as discounts or offers.
People will also click on spam mails because they are merely curious about their content. As the old saying goes, curiosity kills the cat. One small act of curiosity can lead to spam. Never open a file or click on a link unless you are sure of what it does or where it leads to.
As long as it makes money, spammers will continue sending out their unsolicited messages.
To send spam is very cheap…
How come the criminals seem to have unlimited resources to send spam? That’s because, in effect, they do. Spammers use malware-infected systems in two ways. First, they gather e-mail addresses that they add to their lists of spam recipients. Second, these infected systems are used to send the spam messages as well. It’s important to always be aware of the current trends in the threat landscape and to use reliable antivirus software. However, it doesn’t hurt to be too careful. Nobody wants to end up becoming an accomplice to the bad guys. Prevention is better than the cure.
It’s a constant battle…
Just as anti-spam solutions continue to evolve, so does spam. Spammers have their own ways fine-tuning the messages they send out so they can evade the most effective spam filters. However, this requires extensive testing and time on their part.
In response, Trend Micro is using in-the-cloud technology which delivers updates almost-instantly, making it harder for the attackers to fine-tune their attacks because we are able to protect users more quickly. Coming up with a perfect solution against all kinds of spam is a huge challenge, since aggressive spam detection can also cause false positives. (False positives are legitimate messages which are detected as spam.)
To be truly effective, we have to strike a balance between false positives and optimal spam detection. There will always be spam, but we at Trend Micro will always be there to help protect users from this threat.
The spam threat is also going beyond conventional e-mail and into other media like instant messages, and social networks like Facebook and Twitter. These pose new challenges, but it is an issue that will inevitably become part of the future security landscape.
What can I do to stop spam?
Users can do two things to help fight spam. First of all, you should never, ever click a link, download a file, buy a product, or do anything a spam message suggests you should do. Doing so will not only protect yourself, it will also prevent spammers from profiting from their schemes.
You should also run a reliable security program on your machine. This protects you from malware threats, among which are the spam bots that are used to send spam to other users all over the world.
Share this article