INTERNET: Unwanted e-mail can harbour insidious threats to computers’ health
Jim Jamieson
Province
Hasan Cavusoglu says spam is becoming an increasing threat to the Internet economy. Photograph by : Jon Murray, The Province
You’ve seen them slithering through your inbox, likely since the first time you fired up a connected computer.
E-mails offering you deals on mortgages, medical treatments, investment opportunities and, of course, ways to enhance certain body parts, have been and continue to be a fact of online life.
But there has been a seismic shift in the volume and tactics of this mass-mailed, unsolicited e-mail known as spam. While you may be seeing less spam than before in your inbox, filtering software has become very sophisticated — so, much of what is sent over the Internet by spammers never reaches you. As well, many spam e-mails contain invalid addresses.
The sheer volume is staggering, as numerous antivirus companies have reported in recent months.
Postini, an online-communications security company, said spam set a record level in December of nearly 94 per cent of all electronic mail on the Internet. Postini said it blocked more than 25 billion spam messages in December, representing a 144-per-cent increase from December 2005.
The company said the potential loss in worker productivity could have billions of dollars in impact.
It estimated that spending 15 minutes a day dealing with the increased volume of spam can cost companies $3,200 per employee per year. That’s not to mention the cost to individuals who have had their bank accounts drained or identity stolen as a result of spam-driven fraud.
Does the spiking volume of spam threaten the very functionality of the Internet itself?
Hasan Cavusoglu, an assistant professor in the management information systems division at the University of B.C.’s Sauder School of Business, said that scenario is unlikely, but spam is becoming an ever-increasing threat to the Internet economy.
“It’s a big drain on resources,” said Cavusoglu. “[On the Internet] every package is delivered through a best-effort service. The result is if you load the network with a huge volume of spam, it will try to deliver it.
“The problem is that it seems like sending [e-mail] is free, but delivering this traffic is not free. The companies who deliver it are in effect spending money for nothing.”
Security companies say that much of the increased volume of spam is coming from so-called “bot-nets,” which are networks of hijacked personal computers that are used to dump massive amounts of spam and viruses. These PCs are compromised in the first place by spam e-mail that either fools recipients into opening an attachment containing a concealed virus designed to stealthily take control of the machine or sends them to a website that will effectively do the same thing. All of this is being fed by the rapid rise of always-on, high-speed Internet connections — which is a requirement for bot-nets to function.
Ron O’Brien, an analyst with global Internet security company Sophos Inc., which has a large lab in Vancouver, said historically spam was the vehicle through which viruses were delivered to your in-box and circulated around your network through mass-mailer worms.
“What we’re seeing now is the percentage of e-mail that is infected with a virus is down,” he said. “A year ago it was one in every 41 [spam] e-mails. Now it’s one in every 337.”
But the threat is actually greater now, O’Brien said.
“What we’re seeing now is spam e-mail that contain links that will connect you to a website,” he said. “Merely going to that website will result in a virus being downloaded to your computer, and that can result in someone else being able to access your computer.”
O’Brien said malicious code, or so-called “malware,” has skyrocketed as spamming has evolved. He said there are more than 200,000 forms of malware in existence. In November 2006, Sophos saw over 7,000 new pieces of malware — four times that of November 2005.
O’Brien said the company identifies 5,000 new URLs hosting dangerous computer code every day.
A major factor behind the explosion of spam has been the large-scale migration of organized crime to the Internet, said Jordan Kalpin, Canadian regional director for IBM Internet Security Systems. He said criminals have taken extortion schemes from the real world and put them online.
“You’ll see online businesses threatened with a denial-of-service attack if they don’t pay,” he said. “For some companies, having their servers down for six hours costs them a lot of money in lost business and customers.”
He said a supply chain of shady services has sprung up on the Net.
“[Malware] is sold by third-party spam distributors,” he said. “Spammers will lease out their network to the highest bidder.”
If you’re hoping for a legal remedy to this problem, there’s not much relief in Canada, said Adam Atlas, a board member of anti-spam lobby group CAUCE Canada and a lawyer who practises in the electronic transactions area.
The difficulty, of course, is balancing the interests of free speech, privacy and commerce.
“Canada is one of the few developed countries that does not have legislation specifically addressing spam,” he said.
SPAM PRIMER
What is it? Loosely defined as mass-distributed, unsolicited e-mail, it usually has a commercial angle — real or fraudulent. It can contain malicious code that will try to install programs on a PC or lure the unsuspecting to infected websites or to surrender sensitive personal information.
What should I watch out for?
E-mail from people you don’t know, unsolicited recommendations, get-rich-quick schemes, notification of winning a contest you didn’t enter.
How can I avoid being victimized? Never reply to a spam message. Delete it and block the sender. Make sure your PC is loaded with up-to-date antivirus and firewall software and keep it updated. Conduct regular virus scans.
© The Vancouver Province 2007
