Spam Levels and Trends

Based on what comes through my inbox, I am seeing a firm trend away from malicious, designed-to-destroy-your-hard-drive-virus-laden messages. The payload of spam today is focused on money, through use of one of these two techniques:

  1. Getting the recipient to take action that results in confirming an address (a click-back indicates the address is valid, a human read it, and clicked on the payload - this is a golden address and is worth more to the list sellers), or,
  2. Getting the recipient to actually make a purchase. Though this second goal is seemingly more difficult, real people (unfortunately) really do make purchases as a result of Unsolicited Bulk Email (UBE).
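On the receiving side, the address-confirmation technique in item 1 can be spotted by checking whether a message's links carry the recipient's own address. The following is an added example, not part of the original post; the set of encodings checked (plain, base64, MD5) is an assumption about how such links are tagged, and the sample message is constructed.

```python
import base64
import hashlib
import re
from email import message_from_string
from urllib.parse import unquote

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

def recipient_markers(addr):
    """Forms of the recipient address a link may carry (assumed set, not exhaustive)."""
    a = addr.strip().lower().encode()
    return {
        "plain": a.decode(),
        "base64": base64.b64encode(a).decode().rstrip("="),
        "md5": hashlib.md5(a).hexdigest(),
    }

def find_clickback_links(raw_message, recipient):
    """Return [(url, encoding)] for each body link that identifies the recipient."""
    msg = message_from_string(raw_message)
    bodies = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            bodies.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    hits = []
    for url in URL_RE.findall("\n".join(bodies)):
        decoded = unquote(url)  # undo %40 and similar escapes
        for name, marker in recipient_markers(recipient).items():
            # base64 is case-sensitive; every other form is compared lower-cased
            haystack = decoded if name == "base64" else decoded.lower()
            if marker in haystack:
                hits.append((url, name))
                break
    return hits

# Constructed sample message; the domains and addresses are placeholders.
RECIPIENT = "bob@example.org"
TOKEN = base64.b64encode(RECIPIENT.encode()).decode()
SAMPLE = (
    "From: deals@shop.invalid\nSubject: Special offer\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="http://shop.invalid/offer?id=' + TOKEN + '">Buy now</a>\n'
    '<a href="http://shop.invalid/remove?e=bob%40example.org">Remove me</a>\n'
    '<a href="http://shop.invalid/about">About us</a>\n'
)

if __name__ == "__main__":
    print(find_clickback_links(SAMPLE, RECIPIENT))
```

A link that matches is a reason to treat the message as list-validation spam and to avoid following it, including the "remove me" link.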

And bulk it is… we all saw news of the arrest last week of the spammer who is alleged to have sent billions (that’s BILLIONS) of UBEs a day from his apartment in Seattle. It’s a numbers game - more messages means that the small percentage of fools who click through the messages turns into a really big empirical number. 0.5% of 10 billion per day makes it the modern example of the grocery store model. The margins are painfully small, but with high enough volume, you can still make a lot of money. The model isn’t exactly the same, but you get the idea.

So what about the trend claim I’m making?

I run MailScanner & SpamAssassin (SA) as my anti-spam tools. Part of what MailScanner (MS) does is categorize spam with regard to the SA score, a number representing the likelihood that the message is spam based upon results of various tests. Using these scores, MS then provides this nice, high-level summary of the mail it has processed. Take a look at this report:

[Image: Spam Report]

Notice that there have been no viruses detected. This has been going on for quite a while. It simply struck me this morning that this isn’t merely anecdotal - it is indicative of what email is really now being used to accomplish. Destructive viruses may continue to be developed, but the new gold mine - volume of delivery & subsequent action - necessitates new techniques.

Viruses are far too easy to detect when included as direct payload, making them easy prey to the many anti-virus programs available. Not so easy to discard is a simple message; though heavily disguised (spoofed address, bogus text, stock-scam embedded gifs in HTML…), the message itself is “clean” in the virus sense. So it gets through the anti-virus hammer-of-death.

There’s no money to be made in discarded messages, so rest assured that the trend I am now noticing was discussed and planned by the big-time spammers months ago.
