Internet Insecurity - Spam & Viruses

By : Jim Pinto,
San Diego, CA.
USA

For several years the growth of the Internet seemed unlimited, an almost free resource that provided vast benefits. But that expansion is now being choked, and security is threatened by the twin plagues of spam and viruses.

This article was published by:
Automation.com, February 2004

An earlier version was also published by:
AutomationWorld.com
Automation World, September 2003

Junk mail overload

More than 13 billion unwanted e-mail messages swamp the Internet every day, worldwide. This time-wasting junk is a $10-20 billion annual drag on worker productivity in the US alone. Computer virus attacks cost global businesses an estimated $55 billion in damages in 2003, and the total will clearly increase this year.

In a perverse analogy to Moore's Law, the number of spam messages is doubling roughly every 18 months. It has risen from 8% of all e-mail in 2000 to more than 40% by the end of 2002, and about 60-75% in 2004. Conceivably, spam could soon represent 90% of all e-mail.

Common techniques used by spammers include forged sender names, false subject lines, fake server names, inaccurate and misrepresented sender addresses, or obscured transmission paths.

And there are scam-spams, like the by-now well-known Nigerian scam that has spread to all parts of the world. A senior Nigerian "official" asks your help to transfer millions of dollars. Nigerian scam operations employ thousands of people, and will gross over $2b in 2003.

Filters (in Outlook and other client email programs) are used to sift real mail from spam. But this is not a magic solution, as spammers use random words in subject headers and replace text with pictures to go undetected.

Virus attacks

Complicating the issue is the virus problem – unwanted emails that cause serious damage to individual computers, or complete networks. 2004 was only about a month old when there was yet another major computer virus attack that bogged down servers and business systems worldwide; this was the MyDoom virus, perhaps the most pervasive ever, and still a big nuisance to all email users worldwide.

While MyDoom itself is still the current number-one on the virus infection charts, antivirus firms are warning that its second descendant, a new worm dubbed DoomJuice, has started making the rounds. The worm does not spread by e-mail, but rather seeks out machines that have been compromised by MyDoom, and infects them by itself, without any action required by the user.

Malicious code attacks are continuing to run rampant, with the problem getting ever worse. New virus versions are still emerging, trying to outsmart all the latest antivirus software.

Spam threats and network viruses will likely become more prevalent in 2004. The spam threat is increasing exponentially, becoming the basis for viruses and hacking programs trying to gain an entry into networks. Blended threats are the standard way to attack networks, where one virus file will create four to five different activities within the system.

The most worrying trend is spam e-mails combined with viruses, making spam more difficult to detect and more dangerous. Also, the virus-to-e-mail ratio is growing worse, mainly because many users and resource managers don't keep their security up to date.

Countermeasures

Internet vulnerabilities will force ever-greater countermeasures in coming years. On a personal level, my suggestion is to stick with the major anti-virus software standards: Norton or McAfee. Get regular upgrades and automatic daily updates to assure that the best possible protection is always installed.

Until recently, there didn't seem to be a foolproof way to eliminate spam. As quickly as systems managers added filters (catching specific words), spammers came up with new ways to bypass those filters. But smarter filtering techniques are yielding good results.

Here's a summary:

  • Blacklist: Identify the IP address of the spam sender's computer, then advise the service provider to block mail from that address. This method is effective, but it inevitably leads to a cat-and-mouse game between spammers and blockers.
  • Distributed identification: A community of users flag spam for one another. When enough recipients object to a particular message, it's automatically transferred to everyone else's spam folders.
  • Profiles: Heuristic analysis software looks for invalid message traits – as defined by an evolving set of rules – and develops a numerical score for each incoming email. If the score hits a designated limit, the email is blocked. Of course, some good messages get flagged too.
  • Filtering: Bayesian filtering doesn't adhere to any particular set of rules – it learns and re-learns how to spot spam by scanning the mail that’s accepted and rejected. The filter calculates probabilities based on the most unusual characteristics of each message. With time, it “knows” what kind of email to deliver, and what to delete. This “artificial intelligence” filtering eliminates more than 99 percent of unwanted messages. This is already popular in the open source community and may soon be adopted commercially.
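
The Bayesian filtering described in the last item can be sketched in a few lines. This is an added example, not code from the article or from any product it mentions; the class name, the add-one smoothing, the five-token cutoff, the 0.9 threshold and the training messages are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

def tokens(text):
    """Unique lowercase tokens; presence per message matters, not repeats."""
    return set(re.findall(r"[a-z0-9$']+", text.lower()))

class BayesFilter:
    def __init__(self, top_n=5, threshold=0.9):  # assumed defaults
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}
        self.top_n, self.threshold = top_n, threshold

    def train(self, text, label):
        """Learn from mail the user accepted ("ham") or rejected ("spam")."""
        self.msgs[label] += 1
        self.counts[label].update(tokens(text))

    def token_prob(self, tok):
        """P(spam | token), add-one smoothed so it is never exactly 0 or 1."""
        s = (self.counts["spam"][tok] + 1) / (self.msgs["spam"] + 2)
        h = (self.counts["ham"][tok] + 1) / (self.msgs["ham"] + 2)
        return s / (s + h)

    def score(self, text):
        """Combine the top_n tokens whose probability is farthest from 0.5."""
        probs = sorted((self.token_prob(t) for t in tokens(text)),
                       key=lambda p: abs(p - 0.5), reverse=True)[:self.top_n]
        log_odds = sum(math.log(p) - math.log(1 - p) for p in probs)
        return 1 / (1 + math.exp(-log_odds))

    def is_spam(self, text):
        return self.score(text) >= self.threshold

# Constructed training mail, not real messages.
SPAM = ["Urgent: transfer millions of dollars, reply with your bank account",
        "Free money!!! Click now to claim your prize",
        "Claim your free prize now, limited offer",
        "Official request: help transfer funds, urgent reply needed"]
HAM = ["Meeting moved to 3pm, agenda attached",
       "Please review the PLC firmware update before the Friday meeting",
       "Your order of sensors has shipped, invoice attached",
       "Can you reply with the agenda for the automation review?"]

def build_demo_filter():
    f = BayesFilter()
    for m in SPAM:
        f.train(m, "spam")
    for m in HAM:
        f.train(m, "ham")
    return f
```

A message made entirely of words the filter has never seen scores exactly 0.5; calling `train()` on it as spam moves the next similar message above the threshold, which is the "learns and re-learns" behaviour.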

Other legal (regulatory) solutions are also being pursued to limit the growth of spam:

  • Labels: More than 25 states already require senders to label spam as spam, and legislation is being proposed to fine spammers. This is similar to proposed stiff penalties for telemarketing calls to numbers on a prohibited list.
  • Email fees: Because email is essentially free, spammers can literally send millions of messages at minimal cost. Levying a charge (however small) on legitimate email distribution will limit mass mailings, though it won’t stop them. Another fee-based solution would be to make senders of email pay a fee if their mail is rejected as spam.

With all its vast growth potential, the Internet is still in its infancy from the standpoint of the ability to curb malicious intent and regulate unwanted messages. For beneficial growth to continue, users will need to develop discipline together with a combination of smart software tools and viral antidotes. Software and email vulnerabilities will force ever-greater countermeasures in coming years.

On a personal level, my suggestion is to stick with the major anti-virus software standards: Norton or McAfee. Get regular upgrades and automatic daily updates – including free operating-system upgrades from Microsoft – to assure that you are as well protected as possible.

And hey! Don't mess with mega-money transfers from Nigeria....

Related links:

Virus damage estimated at $55 billion in 2003

We'll End Spam in Three Years, Vows Microsoft

Business Week - Unholy Matrimony: Spam and Virus

Setting up server tools for spam- and virus-free mail

Copyright 2003 : Jim Pinto, San Diego, CA, USA