Spam Remains a Potent Threat to Systems

aratrembly.jpg

Summer is almost here—at least for those of us in the Northern Hemisphere—and that means lots of great things are possible, including camping, swimming, hiking, fishing, boating, baseball or just enjoying a cold drink on a warm beach. Of course, the season has its minor annoyances as well, and the one that comes to mind for me is mosquitoes. 

Certainly, it’s no big deal for most of us if one of these little creatures decides to suck a bit of blood from our veins. After all, it’s not as if some hideous vampire decided to make a precipitous 10-pint withdrawal from our personal blood bank. And usually all that is left behind is a bump that itches like crazy for a few days. We can put up with that, unless, of course, the mosquito in question is carrying something like West Nile virus, which can be fatal. Still, that’s probably not something we normally worry about. 

So why do I bring this up? It occurs to me that spam—those unbidden commercial messages that find their way into our cyber mailboxes—is a lot like the mosquito threat. We find it mildly irritating, but we accept it as a fact of life that need not concern us most of the time—unless, of course, that spam message opens a gateway for someone to steal your files, your private data, or the use of your computer via one of the many forms of malware that continue to proliferate on the Internet. 

I saw something recently in Computerworld that really brought the seriousness of this threat home to me. A technology researcher reported that some botnet-infected PCs may send out as many as 25,000 spam messages per hour. Looking at the world’s nine biggest spam botnets, researchers found that each of them is capable of this volume, or a total of 600,000 spam messages per day for every infected PC on the botnet. A botnet (or robot network) is a group of computers that run a computer program under the control of a single source. 

So that could be your computer or mine spewing out messages that contain viruses, spyware or worse. Alternately, we could be on the receiving end of this mass of dirty data. And yet we think no more of this threat today than we do of the occasional mosquito bite we’ll get at our next summer barbeque. 

There is no easy solution. Even spammers seem to have legal rights when it comes to expression, and the maddening fact is that many of them are a couple of steps ahead of efforts to thwart them. Spam filters work to some degree, but even there, spammers can change email addresses and weed out certain words that get their messages kicked out on most filters. I am amazed at how clever some of the messages are—often because the spammer has already gathered information on me and thus can personalize its pitch, perhaps influencing me to believe that it comes from someone I might know. 

Even if anti-spam laws are enacted, how would they apply to spam that comes to one from outside the country? It might be fun to take all the spam we get and forward it to all the spammers who contact us, assuming we knew the actual source of the spam. Unfortunately, we usually don’t know the original source. 

You would think that the people who propagate this poppycock would experience some level of shame over doing so. Yet I know one individual in our industry who openly admits to being a spammer and shows no sign of apologizing for it. No, he’s not a crook, but what he puts out there is a nuisance and a potential danger to my business. 

Spam is the key that can unlock many doors in the world of cyberspace; that’s why criminals like to use it. It is my hope that more research dollars can be poured into finding ways to keep these hounds at bay and allow us to lead our lives in relative peace. One thing is clear, however. We cannot afford to give this menace the same level of non-attention as we do the odd mosquito. I, for one, enjoy dispatching those engorged little devils.

Ara C. Trembly is the founder of Ara Trembly, The Tech Consultant, and a noted speaker on and longtime observer of technology in insurance and financial services. He can be reached at ara@aratremblytechnology.com.

The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.

For reprint and licensing requests for this article, click here.
Security risk Data security Core systems
MORE FROM DIGITAL INSURANCE