Whittling spam down to a manageable level
- By William Jackson
- May 13, 2008
A recent report by security software maker Symantec reveals that spam accounted for an average of 80 percent of traffic hitting e-mail gateways in April, spiking as high as 87 percent at times. That is a daunting figure, but Garth Bruen of KnujOn looks at the problem in a different way.
According to a study being presented this week by KnujOn to the High Technology Crime Investigation Association, 90 percent of the illicit Web sites using spam to generate traffic are clustered on just 20 registrars ' that is only 2.5 percent of the 800 registrars accredited by the Internet Corporation for Assigned Names and Numbers.
That can make the spam problem seem almost manageable.
'What is shocking is how concentrated this problem is,' said Bruen, founder of the anti-spam service. 'Most providers are playing by the rules. The ones that are not adhering to policy are wreaking the most havoc across the Web.'
The Ohio chapter of the High Tech Crime Investigation Association is holding its spring training conference at Lakeland Community College in the Cleveland suburb of Kirtland.KnujOn
, is an online subscription service where users can send their spam and other unwanted e-mail, which it uses to take the offending sites offline. KnujOn ' that's 'no junk' spelled backward ' doesn't attack the sites directly. It takes advantage of the policies of service providers and site hosts that prohibit spam and deceptive practices. It uses a policy enforcement engine with forensics tools to sort through thousands of samples of unwanted e-mail to profile fraud operations so they can be shared with law enforcement agencies, financial institutions and service providers. 'We fill out the paperwork automatically and follow through on the process,' Bruen said.
The service claims to have shut down more than 50,000 sites so far, and by focusing on the relatively small number of sites that benefit from spam, Bruen hopes to take the economic incentive out of the insidious practice.
The botnets ' networks of compromised computers controlled by hacker ' that send the spam are huge in number, but the more important targets are the actual landing sites advertised in the spam messages. A botnet of hundreds of thousands of computers might generate millions of e-mail messages in a blast. But the spam messages might carry links to only several hundred URLs. The URLs are often redirects that boil down to fewer real domains, and 90 percent of these domains are controlled by just 20 registrars.
'So lots of senders [are] sending lots of messages herding victims into a very small corral,' Bruen said. 'This situation raises interesting questions about who benefits from the sale of junk products and services or who allows these activities to persist.'
William Jackson is freelance writer and the author of the CyberEye blog.