The Bankwatch

Over the last two months in particular, I have noted an increase in spam.  Both the volume being caught by gmail for example, and in the numbers that are getting through.

I have a yahoo account too, and yahoo seems unable to catch any 519 Nigerian “we want to transfer $14 million to you” scams, such that my yahoo account is now unusable.

This graphic from Tom3 depicts the surge in spam since May 05 when it began, and a dramatic uptick since June 2006, that fits nicely with my personal experience, and I am sure your own.

Hart goes on to talk about the new trend in use of bot nets to promote spam.  Bot nets were used by hackers in the “good old days” to promote DoS (Denial of Service attacks) but now they are being rented out to spammers.  That virus/ keyboard logger/ you used to be worried about now includes software that runs in the background taking over your PC and adding it to the bot net.  These nets can be as many as millions of PC’s unconsciously working together to provide super computer like computing capacity.  Hart goes on:

Bots and bot nets have rapidly emerged as one of the major threats on the Internet. Tens of thousands of compromised PCs are frequently counted among a single bot net’s unwilling members, with some bot nets boasting as many as a million systems. Traditionally, the networks have been used to install adware on victims’ machines or level denial-of-service attacks at online companies as part of an extortion scheme.

Now, spammers are frequently counted among the operators or the clients of bot nets. Last May, a spammer only identified as “PharmaMaster” used a bot net to target anti-spam provider Blue Security and its Internet service providers with a massive denial-of-service attack that blocked access to the companies for hours and, in the case of Blue Security, days. Because of the attack, the company exited the anti-spam business.

Many bot herders–as the criminals that infect computers with bot software are named–sell or rent bot nets to others to use, and spammers increasingly seem to be among their customers.

Spam used to emanate from a spam server, so was relatively easy to identify.  When spam emanates from a bot net, the “bad guy” could be your PC in your home.  This makes identification much harder.

Other trends are the spam content evolution to trick spam filters:

The majority of spam now seems to be pharmaceutical and stock related. In particular, image spam–which contains meaningless and random text snippets to throw off filters and an image with the actual advertisement–that touts stocks has surged.

On a final note, this week I had an email from a colleague in branch land complaining about another banks employee who had spammed an enormous number of our banks employees. In retrospect that email either a really stupid employee, or a spam attack cheating by use of his name.  Either way the credibility of email that you are not expecting and unauthenticated is in doubt.

Relevance to Bankwatch:

Banks should banish email marketing.  It merely contributes to the problem, and the overall marketing benefit is minimal in the scheme of things when compared to the price:

Hart argues that, if no one bought the goods hawked by spammers, then the incentive for bulk e-mailers would rapidly go away. The message is simple, he added.