Today is my 8-year anniversary of fighting spam. It was July 12, 2004, that I got the job at Frontbridge as a spam analyst and we headed down to Los Angeles for 4 weeks of training. Here’s a recap of 8 general trends that have happened since then:
- Image spam – In 2006, there was a huge outbreak of image spam. This was a different kind of spam in that the content had very few words and just an inline jpg or gif. This type of spam far dwarfed any campaigns we had seen to that point. Image spam is not nearly as popular now and most filters have adapted to it, but it was the first major spam campaign I had seen that did a good job at evading filters.
- The rise of botnets to spam – Also in the year 2006 and spilling into 2007, spam from botnets increased substantially. While botnets had always been used, during that time their use exploded (at least in mail sent to our networks). It was during this era, and through until 2009, that spam reports in industry would make the claim that spam was 95% of all email. Since 2010, that percentage has declined.
- The diversification of botnets – As spam filters started getting better and better at blocking botnets, mostly by making use of IP blocklists, the botnets adapted. The biggest shift is away from sending spam from botted machines to using botnets to send spam from legitimate webmail accounts like Hotmail, Yahoo and AOL. Spammers use these botnets to remotely log in to accounts they have created and send spam from them, knowing full well that spam filters will not block these IPs.
Botnets have diversified into other activities, too. They host malware, compromise websites, perform fast fluxing, do black search engine optimization, and other criminal activity.
- The rise of using compromised accounts – Also related to the above, spammers have shifted away from using compromised machines to compromising legitimate accounts. They will steal user credentials and use their botnets to log in to users’ accounts and send tons of spam from them. They do this because people will not trust mail from users they don’t recognize, but they might trust mail from people they regularly communicate with.
- The disappearance of spammers – There has been a lot of activity in the anti-abuse community infiltrating botnets and shutting them down (Rustock, Zeus, Spyeye, etc). In response, spammers have gotten smaller. Spam is now only 2/3 of all email, way down from its peaks. This is because spammers are more narrowly targeting their attacks and trying to avoid attracting so much attention.
- The rise of bulk mail – I wrote a post recently that Hotmail is providing tools to block bulk mail. When I first started, this type of spam was common but it was much less than malicious spam. Nowadays, greymail (dark shades of gray) outnumbers malicious spam. Spammers who used to send out malicious spam are still doing it, but they are not doing it via spam the way they were before. This has created a niche market for the snowshoe spammer.
- The rise of malware – Viruses in the 1990s were designed to disrupt users’ productivity; it was a bit of a fun thing. During the past 8 years especially, malware has become more dangerous – it is designed so that the user is unaware of its presence while it does nasty things like stealing money from your bank accounts or turning your computer into a spam-spewing agent. Malware has seen a rise in frequency similar to the way spam did in 2006 and 2007.
- The rise of state sponsored malware – With revelations earlier this year that the Stuxnet worm was the work of governments, it signals a shift in the way we view malware. Who’s at risk? Should ordinary users be concerned? What are the rules of engagement? Is Die Hard 4 going to come true? This is the least transparent trend out of all of them.
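To make the point in the botnet-diversification and compromised-account items concrete, here is an added example (not code from the original post or from any filter product) of why an IP-reputation-only filter stops seeing the spam once it is relayed through a legitimate webmail provider. The blocklist ranges, the webmail outbound range, the message log and the per-account burst heuristic are all constructed for illustration; the RFC 5737 documentation prefixes stand in for real data.

```python
import ipaddress
from collections import Counter

# Constructed sample data: RFC 5737 documentation prefixes standing in for a
# real IP blocklist and for a webmail provider's outbound mail servers.
BLOCKLISTED_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]
WEBMAIL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed message log: a small burst straight from a bot-infested host, a large
# burst relayed through a stolen webmail account, and one ordinary message.
SAMPLE_MESSAGES = (
    [{"ip": "203.0.113.7", "account": None, "subject": "cheap meds"}] * 5
    + [{"ip": "192.0.2.10", "account": "victim@webmail.example", "subject": "cheap meds"}] * 40
    + [{"ip": "192.0.2.11", "account": "alice@webmail.example", "subject": "lunch?"}]
)


def ip_listed(ip: str) -> bool:
    """True when the connecting IP falls inside a blocklisted range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKLISTED_NETWORKS)


def from_webmail(ip: str) -> bool:
    """True when the connecting IP belongs to a known webmail provider."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WEBMAIL_NETWORKS)


def ip_only_verdicts(messages):
    """A filter that relies purely on IP reputation: webmail relays always pass."""
    return ["spam" if ip_listed(m["ip"]) else "ham" for m in messages]


def account_aware_verdicts(messages, burst_threshold=20):
    """IP reputation plus a per-account volume signal for mail from webmail ranges.

    The burst heuristic (same account, same subject, many messages) is a
    hypothetical illustration of an account-level signal, not a production rule.
    """
    per_account = Counter((m["account"], m["subject"]) for m in messages if m["account"])
    verdicts = []
    for m in messages:
        if ip_listed(m["ip"]):
            verdicts.append("spam")
        elif from_webmail(m["ip"]) and per_account[(m["account"], m["subject"])] >= burst_threshold:
            verdicts.append("suspect-account")
        else:
            verdicts.append("ham")
    return verdicts


def summarize(verdicts):
    """Count verdicts so the two filters can be compared side by side."""
    return dict(Counter(verdicts))


if __name__ == "__main__":
    print("IP-only:", summarize(ip_only_verdicts(SAMPLE_MESSAGES)))
    print("Account-aware:", summarize(account_aware_verdicts(SAMPLE_MESSAGES)))
```

Run it and the IP-only filter catches the 5 messages from the listed host but waves through all 40 sent from the stolen account, because the webmail provider's IP is one it must not block; the account-aware pass flags that burst while still passing the single ordinary message from the same provider. That gap between the two verdict sets is the reason filters had to move from IP reputation toward per-account and content signals once spammers started relaying through legitimate accounts.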
That’s the way I saw the world during the past 8 years. What will happen in the next 8? I didn’t foresee #5 and #8. I wasn’t too surprised at #3.
What do you think is the next big thing?