There are no magic bullets; this is presented as just one new facet of the many-faceted cyber-war we will probably always be fighting against this plague.
Before I let loose the main argument, let me take this opportunity to address one of my relevant pet peeves and ask:
Mail client programmers: Please re-design your ‘client’ interfaces to force “BCC” as the default address field! Require that it be a conscious and intentional process to put more than one recipient in the “To” field.
I often work with (customer) clients who have had their e-mail address compromised and need new addresses. All their friends and contacts get sexual-potency-drug spam or worse, seemingly from them. They don’t realize they are contributing to the problem by putting all their recipients’ addresses in the “To” field, instead of “BCC”.
Many of us are victims of this annoyance, because we are on others’ group mailings. It can become much more than an annoyance though, when the spambots place evil code in your computer.
I have been researching the spambots’ ways of avoiding detection and their propagation tricks.
Many computer owners do not realize that they have a rootkit in their computer, maybe even picked up at a legitimate site in a hacked ad. Social networking practices by both the sites and members are proving to be a treasure trove for the spammers. Their malicious code is in PDFs, images, and who knows where tomorrow?
The mind-boggling numbers of messages sent are hard to even believe. A single bot, embedded into 50,000 to 500,000 computers, with yet more computers downstream, will send billions of spam e-mails every day! Estimates are that possibly up to 95% of all e-mail is spam.
You are perhaps lucky if the worst you’ve suffered is the chore of deleting it all. The service, consulting, repair, and computer re-building costs are probably astronomical and not even known by the stat guys, but they are truly enormous if what I am aware of should be extrapolated across all the populations of the computerized world.
Here is my strategy:
In addition to the current efforts (filtering, blocking by definition databases, etc.), a new type of counter-attack should be brought into the battle. This one searches for nothing! It might, however, hit them in the pocketbook like never before.
- Set up a public awareness policy of forwarding all spam to a single collection and analysis process. I hesitate to say ‘collection point’ when I consider what might be a staggering volume; but the university researchers might put a scale to it, and put an estimate on hardware requirements.
- Billions of spam messages are largely cloned, and can be instantly deleted after categorization.
Now comes the active ingredient of this formula:
- All of the commercial spam has its origin and path well concealed, but it has one thing in common: a target with a means of collecting our money.
- That target is complicit.
- That target, when vetted by proper analysis and identification, would cease to be profitable if it received many thousands of “compliance directives” for every innocent responder that might be a source of income to the spam industry. I think a legal pathway would have to be established to allow this, but those who pay spammers deserve no slack.
- If no one is making the money they are accustomed to at the far end of the cycle, money that must work its way back to the front end, then what will sustain this foul industry?
This scheme surely needs tuning up by the real experts and tech wizards, neither of which I pretend to be. Maybe it would be a start though…
This strategy would be of no value in defending against the malware that is sent out to search victims’ computers for pure theft of credit cards, or any financial information useful for account raiding. We must continue to “weapon up” and use the most current weapons available to try to shield ourselves from those attacks, which is still the best medicine in the spam wars too.
Bruce Hinton
