Back in the office, and, yikes, boatloads of spam in the company inbox. Which is a bit unusual, as the corporate spam fighters are pretty diligent about fighting the stuff.
Saw a few official inquiries floating around out in the ether, and found some interesting stats cited here about recent changes in spam e-mail, to wit, the black hat keep getting more and more devious at bypassing filters for the least cost.
Image-based spam has increased twelve-fold in the past year, and a higher percentage is making it past spam filters. According to research released by security gateway provider IronPort, images are varied each time a message is sent out. […] The difference may be a change in the border, or the variance of one pixel, but the change is enough to get past traditional content and signature-scanning filters. […] “Over the past year (June 2005 to June 2006), image-based spam increased from 1 percent to 12
percent of spam volume. Image-based spam accounts for over five billion messages per day. About 78 percent of this pervasive spam passes through first- and second-generation spam filters. Sprosts estimates about 30 percent of spam delivered to an individual’s inbox can be this type image-based messaging.
Plus the images are embedded in the messages, making it more likely they’ll be seen (since so many e-mail clients now automatically filter out linked graphics unless the user opts in).
Spammers are making more use of zombie machines, too, infected systems that let them send out spam without their own (blockable) fingerprints on them. Any individual machine or IP address is used only for a few hours at a time, again to prevent filters from reacting.
Also cycled through are the links to the spam customer’s site. We tend to think of domains as fairly permanent, but these are anything but.
A similar rotation takes place with the URLs used in spam. The average lifecycle of a domain used in a spam message was 48 hours in June of 2005. In that time the domain would be detected and added to blacklists. The average duration of a URL is now four hours or less. The quick changeover of Web addresses evades blacklists and also exploits domain registration. Domains are used and allowed to expire before registration is paid for. “In April there were over 35 million domains registered, 32 million of which
were never paid for and expired after five days,” said the report. The practice brings the cost of registering a domain to zero and removes any barriers associated with the cost of switching.
Again and again, it appears that the ease the Net provides in communicating — instant domain definition, easy multi-media e-mail, flexible IP addresses — are just what the spammers need to get through, too. And the only answers seem to be on putting the brakes on such tools, which has all sorts of other unpleasant side effects (i.e., reduced functionality for Thee and Me).
Bleah.