Spoutin' Off: Malware, spam still a pain in the software
By Michael Rau
October 2, 2006
Okay, enough already!
I'm drowning in spam, it keeps getting worse, I see no relief in sight, and I'm terribly ticked-off.
If you've been reading this column for a while, you know that my ongoing crusade against spam and other malware is a recurrent theme. It's not that I want it that way, but the problem just keeps getting worse and I'm feeling a bit powerless to do anything else about it.
For those of you keeping score, my daily spam count is now up to around a thousand pieces. I use the junk filtering system in Thunderbird to redirect those to a separate folder, and I would estimate that the filter is around 99.5% accurate. But that other 5% can be problematic, so I still cull through those emails designated as spam to make sure I'm not losing anything important.
If you've ever sent me an email (thanks!), you know that I use a CGI-based form located on this column's companion Web site to acquire these. The script, called FormMail, is broadly used and has always served me well, that is, until recently.
One common method employed by spammers to gather email addresses is through the use of bots. These are applications that automatically surf the Web from site to site, scanning for any text matching the correct format for an email address (firstname.lastname@example.org). When a bot finds such addresses, it copies and stores them. These are then added to the spammer's master database, and presto, that address starts receiving all the usual detritus you'd expect.
Some programs will also take the URL from that email address, and start generating random names, inserting them before the @, and then sending spam out under those names to and from the URL which they've hijacked. In that case, the mail administrator (me, for some of my clients) also receives those.
Webmasters have used the FormMail system for years now so that they wouldn't have to include actual email addresses on their pages, thus protecting themselves from these bots. Apparently, it's not working anymore.
Within the HTML code of a Web page using this form, there is one place where the email address to which the form is sent is inserted. It now seems that the current generation of bots is sniffing through the HTML code, rather than the page text, and is thus finding those email addresses.
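The gap described above, shown as an added example (not code from this column or from FormMail): a short Python audit that lists every email address readable in a page's source and notes whether it sits in page text or only in markup. The sample page is constructed, and `recipient` is the hidden field FormMail conventionally uses for the destination address.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample: a contact page that prints no address in its text.
SAMPLE_PAGE = """<html><body>
<p>Use the form below to reach the columnist.</p>
<form method="post" action="/cgi-bin/FormMail.pl">
  <input type="hidden" name="recipient" value="columnist@example.org">
  <input type="text" name="email">
  <textarea name="message"></textarea>
</form>
<!-- old contact: webmaster@example.org -->
</body></html>"""


class ExposureAudit(HTMLParser):
    """Record each address found in a page and where it was found."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (address, location)

    def _record(self, text, location):
        for addr in EMAIL_RE.findall(text or ""):
            self.findings.append((addr, location))

    def handle_starttag(self, tag, attrs):
        # Hidden-field and other attribute values are in the source
        # even when nothing is shown on the page.
        for name, value in attrs:
            self._record(value, f"attribute {tag}[{name}]")

    def handle_data(self, data):
        self._record(data, "text node")

    def handle_comment(self, data):
        self._record(data, "comment")


def audit(html):
    """Return (address, location) pairs in document order."""
    parser = ExposureAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


def markup_only(findings):
    """Addresses absent from page text but present in the source."""
    in_text = {a for a, loc in findings if loc == "text node"}
    return sorted({a for a, _ in findings if a not in in_text})
```

Any address returned by `markup_only` is readable by a client that fetches the page source, even though a visitor never sees it; keeping the destination address in server-side configuration instead of the form takes it out of the HTML.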
When I discovered this had happened with the companion site FormMail page, I immediately changed the email address in the code, and guess what?
Within 12 hours, I was getting spam at the new address I'd inserted.
The bots are winning and it's getting pretty scary.
I'm exploring practical solutions and will let you know what I figure out. In the meantime, my email page is still functional, so let me know if you have any ideas.
I bring this up for a couple of other reasons.
The first is a recently released report that says private users are much more responsible for the proliferation of spam and other malware than professional users. This indicates to me that, while the pros are learning how to recognize and deal with malware, private Internet users aren't.
So if you want to claim I spend too much time harping on this topic and scolding people about their online habits, I'd say the evidence indicates that I obviously don't.
The second reason is an incident involving the courts and my friends at online watchdogs, Spamhaus.
Recently, a judge in Illinois entered a judgement against Spamhaus on behalf of a known spam operation called e360insight. I learned about this judgement in a most interesting way: via spam.
While sifting through my junk box, I came across an email that said the sender was Steve Linford with Spamhaus. Having corresponded with them before, I assumed this email was mistakenly shuttled to my junk file. But no. It turned out to have been sent using a fake email address through aliased IPs associated with known spam operations.
Now that takes some stones. You have a known spam operation sending out what amounts to a news release, touting its success at being a spammer, using spam as the vehicle.
I've since received more copies of this, sent to various email addresses that I administer, from various fake email addresses.
It turns out that the judgement against Spamhaus was based on the fact that they ignored the lawsuit and the court entered a summary judgement based on the fact that they didn't show up in court.
In a statement, Spamhaus pointed out that as a company doing business in Britain, a court in the United States had no jurisdiction over them. They went on to challenge e360insight to file the same lawsuit in Britain and see how far they'd get with it (not far; the Brits are much less tolerant of spammers than we are).
I just can't seem to say this enough. Stop opening spam! Stop aiding and abetting one of the most prolific criminal enterprises in operation today.
Just say no!
Michael Rau is a mass-communications consultant in Virginia Beach. To send feedback or view past columns, go to http://dailypress.asoundidea.com.
Copyright © 2006, Daily Press