Establishing Digital Trust: Don't Sacrifice Security for Convenience
America Online, Inc., Earthlink, Inc., Microsoft Corp., and Yahoo!, Inc. have joined forcesto collectively file six lawsuits against hundreds of defendants, including some of whatthe ISPs are calling the 'most notorious large-scale spammers'. These are the first majorindustry lawsuits under the new federal Can-Spam Act that went into effect Jan. 1 of thisyear.
''This is definitely a good shot across the bow for the spammers that we know about,'' saysMark Sunner, CTO, of MessageLabs, Inc., Inc., a New York-based email security company.''It's a good deterrent to the less-sophisticated spammers who will be put off by this. Butthe technically savvy spammers, the really major spammers, will be driven furtherunderground and they'll take great steps to cover their tracks.''
Sunner and other industry observers say the largest and most dangerous spammers are takingincreasingly technical and stealthy steps to shield themselves from detection.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i ''The higher-end spammers have stealth techniques down to a science,'' adds SteveSundermeier, a vice president for Central Command, Inc., a security company based inMedina, Ohio. ''It's apparent that so many of the new worms -- Netsky and MyDoom and Sobig-- are being put out there by the spammers. They set up zombie machines that send the spamout for them and that makes it harder to trace the problem back to them... It's going to beharder to get to them. It's going to be harder to scare them.''
For months now, the anti-spam and the anti-virus communities have been saying that therehas been a great convergence between viruses and spam. Virus writers used to producemalicious code for the thrill of it -- to make a name for themselves in the undergroundcommunity. Today, they're more apt to be working for major spammers who want to compromisehundreds of thousands of machines, opening backdoors and using them to send out unsolicitedbulk email.
Vince Schiavone, president and CEO of the ePrivacy Group, an advisory group that focuses onspam and other security issues, says spammers also are setting up networks of workersaround the globe to create another layer between themselves and law enforcement.
''We're talking about spam networks,'' says Schiavone. ''They've got chains of people soinstead of 10 million spams being sent from one address, they've got a network of hundredsof people each sending thousands of spams. It's making it harder to find out who's at thetop of that chain.
''I wonder how many people in these spam lawsuits are really working for somebody else,''he adds. ''Now that would be interesting to find out.''
But representatives of the four ISPs filing the lawsuits say they are attacking the majorplayers.
''Today is a red-letter day for big-time spammers, and the letters they should rememberfrom this day forward are 'CAN-SPAM,''' said AOL Executive Vice President and GeneralCounsel Randall Boe, speaking at a press conference in Washington, D.C. Wednesday morning.''Consumers should take note that the new law not only empowered us to help can the spam,but also to can the spammers as well. And we'll do that, one spam kingpin at a time ifnecessary.''
And William Hugh Murray, an executive consultant for TruSecure Corp., a risk managementcompany based in Herndon, Va., says having the ISPs throw their weight behind the anti-spameffort is just what's needed.
''My sense is that this problem has reach such scale that it must be dealt with... theInternet, as we know it, is broken,'' says Murray. ''These ISPs are big players with muscleand money. We need them involved in this fight... If we don't do something, we'll havereached the point where the public's trust will be broken and it won't be repaired.''
No one is arguing that spam is out of control.
Several anti-spam companies, including MessageLabs, have recently said that spam isincreasing at such an alarming rate that even though it accounted for 24 percent of allemail a year ago, it is expected to make up 80 percent of all email being sent around theworld by the third-quarter of this year.
And it is affecting how -- or how little -- people are using email.
Spam actually now is driving people away from using their email. A recent report from thePew Internet & American Life Project, an organization focused on researching the Internet'simpact on society, shows that people are actually using email less because they don't wantto deal with the digital scourge.
What analysts can't agree on is how to stop it. And some say that the ISPs lawsuit, while agood step, just isn't the silver bullet that many hope it will be.
''I do think legislation is a good thing and it's encouraging to see ISPs going afterpeople,'' says MessageLab's Sunner. ''The fact that this is happening, clearly, is notgoing to mean that spammers around the globe stop sending spam. They'll just take greatersteps to cover their tracks.''