<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	xmlns:georss="http://www.georss.org/georss" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:media="http://search.yahoo.com/mrss/"
	>

<channel>
	<title>CSO-Central Blog</title>
	<atom:link href="http://csocentralblog.wordpress.com/feed/" rel="self" type="application/rss+xml" />
	<link>http://csocentralblog.wordpress.com</link>
	<description>Where we meet to discuss information security</description>
	<lastBuildDate>Mon, 03 Sep 2007 08:36:16 +0000</lastBuildDate>
	<generator>http://wordpress.com/</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<cloud domain='csocentralblog.wordpress.com' port='80' path='/?rsscloud=notify' registerProcedure='' protocol='http-post' />
<image>
		<url>http://www.gravatar.com/blavatar/206b6edf764da11db0ec75bc273cc0f9?s=96&#038;d=http://s.wordpress.com/i/buttonw-com.png</url>
		<title>CSO-Central Blog</title>
		<link>http://csocentralblog.wordpress.com</link>
	</image>
	<atom:link rel="search" type="application/opensearchdescription+xml" href="http://csocentralblog.wordpress.com/osd.xml" title="CSO-Central Blog" />
		<item>
		<title>Do we really need to worry about spam any more?</title>
		<link>http://csocentralblog.wordpress.com/2007/08/29/do-we-really-need-to-worry-about-spam-any-more/</link>
		<comments>http://csocentralblog.wordpress.com/2007/08/29/do-we-really-need-to-worry-about-spam-any-more/#comments</comments>
		<pubDate>Wed, 29 Aug 2007 15:07:47 +0000</pubDate>
		<dc:creator>csocentralblog</dc:creator>
				<category><![CDATA[Anti-malware]]></category>

		<guid isPermaLink="false">http://csocentralblog.wordpress.com/2007/08/29/do-we-really-need-to-worry-about-spam-any-more/</guid>
		<description><![CDATA[We&#8217;ve all had a lot of fun laughing at Bill Gates&#8217; prediction back in 2004 that spam would be a dead issue within two years. Far from reducing, the level of spam has risen to new levels, often accounting for more than 90% of all internet mail traffic.
But is it possible that Bill will be [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>We&#8217;ve all had a lot of fun laughing at Bill Gates&#8217; prediction back in 2004 that spam would be a dead issue within two years. Far from reducing, the level of spam has risen to new levels, often accounting for more than 90% of all internet mail traffic.</p>
<p>But is it possible that Bill will be proved right eventually, with only his timescales slightly awry?</p>
<p>I don&#8217;t know about you, but my spam filters work pretty well these days. The occasional bit of image spam gets through &#8211; one or two a day, maybe &#8211; and I can&#8217;t remember the last time I found a false positive.</p>
<p>Graham Cluley over at Sophos thinks he can detect signs of desperation among the spammers. The sudden flood of spam using PDF attachments to fool the filters peaked in August and has abated quickly. Cluley sees this as the spammers struggling to find their way past ever stronger defences.</p>
<p>Now we hear that Excel files are being used to carry spam, in the hope that people will not suspect a spreadsheet. Most filters should be able to close that down quickly, and users will learn not to fall for the trick more than once.</p>
<p>So there really is a prospect of spam &#8211; in the sense of scattergun mass-mailings &#8211; becoming so unsuccessful that the perpetrators might think about giving up on it.</p>
<p>But Mark Sunner of MessageLabs sees new types of unwanted mail that work on different principles. First we see the short-burst mailing that lasts just a few minutes and disappears before it hits the honeypots used by the anti-spam community to track new traffic. It may not hit as many addresses as the traditional blockbuster mailing, but it has more chance of getting through.</p>
<p>The trend he notes is for hackers to trawl detail from social networking sites and to send very personalised messages to the recipients. In one incident he reports seeing a spate of messages all sent to company board directors (or their secretaries in a couple of cases) which asked them to click on a link.</p>
<p>The links were cleverly labelled either &#8216;invoice&#8217;, &#8216;customer complaint&#8217;, or &#8216;directive from the Financial Services Authority&#8217;. As soon as the recipient clicked on the link, of course, a trojan was downloaded on to the machine, ready to transmit back whatever private information a hacker might want.</p>
<p>And where did the information for the addresses come from? It turned out that all the recipients had given out their contact details on LinkedIn, and these had subsequently been harvested easily by the spammers. The scam would work as easily with other business-based networks like Plaxo, or social sites like Facebook and Myspace.</p>
<p>Which leads me to conclude that mass-mailing spam might be on the way out, but we still need to be very careful about how we handle email.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://csocentralblog.wordpress.com/2007/08/29/do-we-really-need-to-worry-about-spam-any-more/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/b4507b6283fce035907a8505cde0c1ff?s=96&#38;d=identicon" medium="image">
			<media:title type="html">csocentralblog</media:title>
		</media:content>
	</item>
		<item>
		<title>PDF spam a five minute wonder?</title>
		<link>http://csocentralblog.wordpress.com/2007/08/29/pdf-spam-a-five-minute-wonder/</link>
		<comments>http://csocentralblog.wordpress.com/2007/08/29/pdf-spam-a-five-minute-wonder/#comments</comments>
		<pubDate>Wed, 29 Aug 2007 14:04:07 +0000</pubDate>
		<dc:creator>csocentralblog</dc:creator>
				<category><![CDATA[Anti-malware]]></category>

		<guid isPermaLink="false">http://csocentralblog.wordpress.com/2007/08/29/pdf-spam-a-five-minute-wonder/</guid>
		<description><![CDATA[IT security and control firm Sophos has reported a dramatic decrease in the amount of spam emails using PDF file attachments to spread their unwanted messages.  According to research compiled by SophosLabs, Sophos&#8217;s global network of virus, spyware and spam analysis centres, levels of PDF spam have dropped from a high of close to 30 [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>IT security and control firm Sophos has reported a dramatic decrease in the amount of spam emails using PDF file attachments to spread their unwanted messages.  According to research compiled by SophosLabs, Sophos&#8217;s global network of virus, spyware and spam analysis centres, levels of PDF spam have dropped from a high of close to 30 percent of all spam in early August, to virtually zero.</p>
<p>&#8220;If PDF spam email messages have all but disappeared, there can only be one reason &#8211; they&#8217;re not working,&#8221; said Graham Cluley, senior technology consultant for Sophos.  &#8220;Spammers wouldn&#8217;t turn away from PDF spam if it was an effective way to fill their pockets with cash and direct consumers to their websites, dodgy goods or dodgy investment opportunities.  This drop indicates that the spammers are finding it hard to fool the public into reading marketing messages distributed in this way.&#8221;</p>
<p>Levels of PDF spam spiked on 7 August 2007 when a single campaign, designed to manipulate stock prices of Prime Time Group Inc, accounted for a 30 percent increase in overall junk email levels.  Since then, however, PDF spam has shown a sharp decline.</p>
<p>&#8220;Of course, it&#8217;s too early to say that this is the last we will see of PDF spam.  There could still be more campaigns to come, but its dramatic fall may be a sign that we are witnessing its demise,&#8221; continued Cluley.  &#8220;Our advice remains the same to all internet users &#8211; it makes sense to ensure that your email inbox is properly defended with a product which can defend against the threats of spam and malware.&#8221;</p>
<p>Sophos experts point to a number of disadvantages for spammers who try and use PDFs in their spam campaigns which may explain its decline.</p>
<p>&#8220;PDF spam simply isn&#8217;t as immediate a way of communicating with your intended audience as an instant glimpse of the marketing message in your victim&#8217;s email preview pane,&#8221; explained Cluley. &#8220;Furthermore, have you tried opening a PDF file? Adobe Acrobat chugs into action, taking a fair while to load before it can show you the contents of the PDF.  Consumers learn pretty quickly that it&#8217;s a waste of time to open every unsolicited PDF they receive, which means the spammer&#8217;s message doesn&#8217;t get read, and the cybercriminals don&#8217;t make any money.&#8221;</p>
<p>Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.</p>
<p>For more information, and a graphical chart showing the level of PDF spam, please visit: http://www.sophos.com/security/blog/2007/08/543.html</p>
<img alt="" border="0" src="http://feeds.wordpress.com/1.0/categories/csocentralblog.wordpress.com/10/" /> <img alt="" border="0" src="http://feeds.wordpress.com/1.0/tags/csocentralblog.wordpress.com/10/" /> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/gocomments/csocentralblog.wordpress.com/10/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/comments/csocentralblog.wordpress.com/10/" /></a> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/godelicious/csocentralblog.wordpress.com/10/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/delicious/csocentralblog.wordpress.com/10/" /></a> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/gostumble/csocentralblog.wordpress.com/10/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/stumble/csocentralblog.wordpress.com/10/" /></a> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/godigg/csocentralblog.wordpress.com/10/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/digg/csocentralblog.wordpress.com/10/" /></a> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/goreddit/csocentralblog.wordpress.com/10/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/reddit/csocentralblog.wordpress.com/10/" /></a> <img alt="" border="0" src="http://stats.wordpress.com/b.gif?host=csocentralblog.wordpress.com&blog=1564733&post=10&subd=csocentralblog&ref=&feed=1" /></div>]]></content:encoded>
			<wfw:commentRss>http://csocentralblog.wordpress.com/2007/08/29/pdf-spam-a-five-minute-wonder/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/b4507b6283fce035907a8505cde0c1ff?s=96&#38;d=identicon" medium="image">
			<media:title type="html">csocentralblog</media:title>
		</media:content>
	</item>
		<item>
		<title>Spam comes in spreadsheet</title>
		<link>http://csocentralblog.wordpress.com/2007/08/29/spam-comes-in-spreadsheet/</link>
		<comments>http://csocentralblog.wordpress.com/2007/08/29/spam-comes-in-spreadsheet/#comments</comments>
		<pubDate>Wed, 29 Aug 2007 13:13:19 +0000</pubDate>
		<dc:creator>csocentralblog</dc:creator>
				<category><![CDATA[Anti-malware]]></category>

		<guid isPermaLink="false">http://csocentralblog.wordpress.com/2007/08/29/spam-comes-in-spreadsheet/</guid>
		<description><![CDATA[Last month it was PDFs and this month it&#8217;s Microsoft Excel attachments being used by spammers to disguise their stock &#8216;pump-and-dump&#8217; scams or more malicious attacks.
According to email security company PineApp, this is just the latest development in a new generation of image-based spam (they call it Spam 2) in an attempt to avoid detection [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>Last month it was PDFs and this month it&#8217;s Microsoft Excel attachments being used by spammers to disguise their stock &#8216;pump-and-dump&#8217; scams or more malicious attacks.</p>
<p>According to email security company PineApp, this is just the latest development in a new generation of image-based spam (they call it Spam 2) in an attempt to avoid detection by anti-spam engines.  The new Excel attachments appear with file names such as invoice20202.xls, stock-information-3572.xls and requested report.xls.</p>
<p>This new approach to wrap messages in new file formats will successfully bypass most anti-spam engines that analyse the content.  But technologies that look for patterns in mass emails &#8211; including PineApp&#8217;s Recurrent Pattern Detection (RPD), as it happens &#8211; are able to block this new type of spam automatically.</p>
<p>Content-agnostic RPD protects against image based spam attacks in any format or language, while PineApp&#8217;s Zombie Detection System (ZDS)  offloads unwanted traffic at the network perimeter, based on the history and reputation of email senders. This dynamically identifies and blocks spam and malware in real time that is being sent from zombie computers or &#8216;bots&#8217; that have been infected by Trojans.</p>
<p>&#8220;In the last month, image based Spam 2 attacks including pdf and excel spam accounted for over 50% of all spam we detected,&#8221; said Steve Cornish, UK sales and marketing director at PineApp. &#8220;Excel spam on its own currently accounts for just 5% but this still represents millions of messages and next month we may start to see PowerPoint or Word files, for example. RPD technology is the only way to protect against this growing trend and stay one step ahead of the spammers.&#8221;</p>
<p>To block Spam 2 attacks, the PineApp Mail-SeCure appliance integrates five anti-virus engines &#8211; three signature based, one heuristic based and one zero-hour detection mechanism &#8211; along with 11 anti-spam engines. These include RPD along with Zombie detection, IP reputation, image spam defence, heuristic and Bayesian engines. When Mail-SeCure&#8217;s RPD engine is activated, all incoming mail undergoes statistical and pattern detection analysis and is then blocked or tagged as spam.</p>
<p>In addition to non-targeted threats such as spam, viruses, worms and Trojan horses, Mail-SeCure protects against targeted threats including Mail-bombing, DoES and Backscatter. The fully scaleable system also provides administrators with a single-point, three-tier management system that enforces advanced local policy and provides users with a mechanism to control and manage their mail flow.</p>
<img alt="" border="0" src="http://feeds.wordpress.com/1.0/categories/csocentralblog.wordpress.com/9/" /> <img alt="" border="0" src="http://feeds.wordpress.com/1.0/tags/csocentralblog.wordpress.com/9/" /> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/gocomments/csocentralblog.wordpress.com/9/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/comments/csocentralblog.wordpress.com/9/" /></a> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/godelicious/csocentralblog.wordpress.com/9/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/delicious/csocentralblog.wordpress.com/9/" /></a> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/gostumble/csocentralblog.wordpress.com/9/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/stumble/csocentralblog.wordpress.com/9/" /></a> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/godigg/csocentralblog.wordpress.com/9/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/digg/csocentralblog.wordpress.com/9/" /></a> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/goreddit/csocentralblog.wordpress.com/9/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/reddit/csocentralblog.wordpress.com/9/" /></a> <img alt="" border="0" src="http://stats.wordpress.com/b.gif?host=csocentralblog.wordpress.com&blog=1564733&post=9&subd=csocentralblog&ref=&feed=1" /></div>]]></content:encoded>
			<wfw:commentRss>http://csocentralblog.wordpress.com/2007/08/29/spam-comes-in-spreadsheet/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/b4507b6283fce035907a8505cde0c1ff?s=96&#38;d=identicon" medium="image">
			<media:title type="html">csocentralblog</media:title>
		</media:content>
	</item>
		<item>
		<title>Let&#8217;s make information security a &#8216;profession&#8217;</title>
		<link>http://csocentralblog.wordpress.com/2007/08/22/greetings-from-ron/</link>
		<comments>http://csocentralblog.wordpress.com/2007/08/22/greetings-from-ron/#comments</comments>
		<pubDate>Wed, 22 Aug 2007 10:15:39 +0000</pubDate>
		<dc:creator>csocentralblog</dc:creator>
				<category><![CDATA[Appliances]]></category>
		<category><![CDATA[Business and management]]></category>
		<category><![CDATA[Guest columns]]></category>
		<category><![CDATA[Stats and figures]]></category>

		<guid isPermaLink="false">http://csocentralblog.wordpress.com/2007/08/22/greetings-from-ron/</guid>
		<description><![CDATA[
Hi there security people.
This site is intended to promote the idea of information security as a profession, and one that really matters to business and has a real role in making things run more smoothly.
I&#8217;ve been around the IT field for (gulp) nearly 40 years, so a few lessons have rubbed off on the way. [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p><a href='http://csocentralblog.files.wordpress.com/2007/08/img_0631.jpg' title='A typical hacker'><img src='http://csocentralblog.files.wordpress.com/2007/08/img_0631.thumbnail.jpg' alt='A typical hacker' /></a></p>
<p>Hi there security people.</p>
<p>This site is intended to promote the idea of information security as a profession, and one that really matters to business and has a real role in making things run more smoothly.</p>
<p>I&#8217;ve been around the IT field for (gulp) nearly 40 years, so a few lessons have rubbed off on the way. I&#8217;d like to share those with you here, but I&#8217;d also like to get your feedback too.</p>
<p>So PLEASE feel free to comment and tell me when I&#8217;m talking b***ocks.</p>
<p>By the way, the lass in the picture is my grand-daughter Sophie who has taught me much about keeping computers away from mischievous hands&#8230;.a metaphor for us all.</p>
<p>Ron Condon</p>
<img alt="" border="0" src="http://feeds.wordpress.com/1.0/categories/csocentralblog.wordpress.com/3/" /> <img alt="" border="0" src="http://feeds.wordpress.com/1.0/tags/csocentralblog.wordpress.com/3/" /> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/gocomments/csocentralblog.wordpress.com/3/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/comments/csocentralblog.wordpress.com/3/" /></a> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/godelicious/csocentralblog.wordpress.com/3/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/delicious/csocentralblog.wordpress.com/3/" /></a> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/gostumble/csocentralblog.wordpress.com/3/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/stumble/csocentralblog.wordpress.com/3/" /></a> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/godigg/csocentralblog.wordpress.com/3/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/digg/csocentralblog.wordpress.com/3/" /></a> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/goreddit/csocentralblog.wordpress.com/3/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/reddit/csocentralblog.wordpress.com/3/" /></a> <img alt="" border="0" src="http://stats.wordpress.com/b.gif?host=csocentralblog.wordpress.com&blog=1564733&post=3&subd=csocentralblog&ref=&feed=1" /></div>]]></content:encoded>
			<wfw:commentRss>http://csocentralblog.wordpress.com/2007/08/22/greetings-from-ron/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/b4507b6283fce035907a8505cde0c1ff?s=96&#38;d=identicon" medium="image">
			<media:title type="html">csocentralblog</media:title>
		</media:content>

		<media:content url="http://csocentralblog.files.wordpress.com/2007/08/img_0631.thumbnail.jpg" medium="image">
			<media:title type="html">A typical hacker</media:title>
		</media:content>
	</item>
	</channel>
</rss>