Spam fighters hit criminals' weak spot
- 27 August, 2007 08:30
Is the fight against spam horribly misguided?
For years, spam haters have relied on junk-mail filters and Internet blacklists, but lately, some are saying it's time for a change in tactics.
Their answer: follow the money. And that means going after the Web sites where spammers sell their pharmaceuticals and watches and male enhancement products.
Misguided or not, it's pretty easy to argue that the fight against spam has been a losing proposition of late. At the end of last year, mail administrators noticed a big spike in the amount of spam flooding their in-boxes. Between July 1 and the end of the year, spam jumped to nearly 60 percent of all e-mail traffic monitored by Symantec, and many administrators say it makes up an even greater percentage of e-mail now.
Spam filtering is not the answer, said Garth Bruen, who runs a volunteer project focused on taking down the Web sites run by spammers. Bruen tracks down the ISPs and domain name registrars used by spammers and arranges to have their sites shut down.
"This problem is not going to go away if you ignore it. Blocking and filtering is just a jacked-up technological form of ignoring," he said. "What you want to do is report it and make it difficult for these people to exist on the Net and do their transactions."
Earlier this month, researchers at the University of California, San Diego, endorsed Bruen's position, saying that antispam fighters could really hurt the spammers' bottom lines by targeting their Web sites.
"If there was more diligence in taking down the Web sites, that would have an effect on overall spam," said Chris Fleizach, a research assistant at UC San Diego.
Bruen says current approaches to spam fighting evolved out of a different era -- before spam was widely used for online fraud or delivering malicious software. "When this problem started out, people were annoyed, and a lot of the junk mail at that time was urban legends and chain letters and stuff that wasn't as much of a threat as it is now," he said.
Over the past four years, Bruen has tried to move the fight to a new front with his project KnujOn (that's No Junk backwards, for those who aren't into word games), which has helped shut down more than 30,000 spammer Web sites. The project asks volunteers to send in their spam, and it uses these submissions to build a large database linking sites to known spammers. To date, it has helped take down more than 32,000 of these junk mail sites.
When the project launched, KnujOn tracked just a few thousand Web sites in its database, but that number has now grown to several hundred thousand. Interestingly, the total number of spamming groups has remained constant -- somewhere around 50. "There really aren't many people involved in this," Bruen said.
That's one reason why people like Bruen think that they can make a real difference by targeting the Web. Though critics say that KnujOn may end up fighting the same war of attrition that has already occurred with e-mail blocking, Bruen thinks he can eventually wear the spammers out. "There's a point of exhaustion where they run out of places to go," he said.
KnujOn isn't the only group targeting spammer Web sites. Earlier this month, Computer Cops LLC, the company that runs the PIRT (Phishing Incident Reporting and Termination) phishing take-down program, expanded its efforts to and began doing the same thing.
Computer Cops believes many of the spamming groups are responsible for a lot of other online crime. "We're trying to take a look at all of the Internet crime out there and do criminal profiles," said Paul Laudanski, the company's owner and the leader of the PIRT project. Crime-fighting groups that focus only on spam or phishing don't get the full picture, he added. "If one organization is only focusing on one thing, they're missing a lot of criminal activity."
Scott Conti recently signed on as one of KnujOn's 1300 registered contributors because he liked the project's Web-centric approach. "There aren't many people going back to the source," said Conti, the director of information technology at Greenfield Community College, in Greenfield, Massachusetts. "That's what I thought was interesting about it. They are actually trying to take a proactive approach by going after the sites and going after the ISPs that are hosting them."
Greenfield College is now contributing between 50 and 100 spam samples per week to KnujOn, and in return it gets back information it can use to blacklist spam sites.
The college needs all the help it can get. About 96 percent of the 90,000 e-mail messages processed each day by Greenfield's IT department are spam, Conti said.
It's one of his biggest headaches, Conti said. "We probably get more vocal complaining about spam than just about any other problem we're likely to have."