The NY Times is calling it Spam 2.0 – the second wave of the e-junk mail. In the last 6 months, spam deluge is just going from bad to worse. Numbers are doubling, tripling; and there appears to be no end in sight.
Spam is evolving. Whereas text-based spam is getting filtered out easily these days, a new breed of junk called image spam is tricking traditional filters. Until last year, image spam is rare since the technology to randomize images is still young and not as widespread. However, by December 2005, image spam started spiking charts as filters falter in the face of matured and readily available techniques. Spammers started using techniques like image tiling and CAPTCHA. Image tiling takes a big image and splits it up into smaller sized “tiles” that fit together when a recipient views the message. This method confuses OCRs ( Optical Character Recognition), an often-used antispam technology. CAPTCHA ( Completely Automated Public Turing test to tell Computers and Humans Apart), on the other hand, takes a layer of text and places it on top of a layer of a randomly generated background, thus creating a new image every time it runs. Spammers use it to avoid bulk detection and fingerprinting. Ironically, CAPTCHA is developed to prevent bots from signing up in free Internet services like Yahoo! Mail.
Aside from image spam, experts are also pointing to the success of several of this year’s worms (e.g. WORM_STRATION) in turning millions of computers into zombies. The said bots can then be commanded to generate and send out spam. These new sources of spam makes it more difficult to rely on blacklists of known spammers.
Moreover, advertising is not the only force pushing spam. Industry experts, indeed a lot of users, are seeing “pump and dump” schemes that hype up penny stocks to raise their price. To make matters worse these obvious scams appear to be working. A joint study by researchers at Purdue University and Oxford University found that enough recipients buy the stock so that spammers get a 5-6% return in two days.
Spam is getting bigger and better, making it harder for antispam companies to keep up. Can stricter legislation be the key to turn the tide of the spam war? The Can-Spam Act of 2003 in the US seems to have gained some success. However, implementation in the malware and spam cesspools that are Russia, Eastern Europe, and Asia, may prove to be harder to accomplish.