Spam Evolution 2006: Executive Summary

An overview of spam in 2006

1. Spam made up 70 – 80% of total email traffic on the Russian Internet. The lowest percentage (44.1%) was recorded on 4th January 2006, with the highest figure for the year (91%) being recorded on 26th November 2006.
2. The majority of spam sent to Russian email users originates in Russia, the US and China.
3. 2006 was the year graphical technologies were widely used by spammers.
4. Spammers continue to disguise spam as personal correspondence in order to get users to read the entire message and react as the spammer wants them to i.e. call a designated number, click on a link, etc.).
5. Spam in different languages has different features:
   • Russian-language spam offers educational services and all sorts of goods, ranging from busts of Putin to devices which will ‘translate’ a dog's bark;
6. English-language spam offers stocks and shares, Viagra and inexpensive software.
7. Legal counsel and audit services were new topics for Russian-language spam.
8. Spam is becoming increasingly criminalized. Spammers on the Russian Internet are using text messaging services.

In comparison to 2005, there were no major changes in the volume of spam in 2006. It seems as though spam has reached a saturation point at about 70 – 80% of all email traffic; if this figure increases any further, the situation could become critical. The balance is very fragile and could be disrupted at any moment.

As of 1st July 2006, Russia introduced new amendments to the federal law on advertising, with a new clause regulating advertising “distributed via electronic communications”. However, this did not have any significant impact on spam on the Russian Internet.

Nevertheless, by the end of summer 2006, the volume of spam on the Russian had decreased. This was mostly due to a decrease in spam advertising consumer goods. However, the reason for the decrease isn’t clear yet – it could be that spammers’ potential clients were taking a “wait and see” attitude in response to the new amendment. Or it may simply be that they had already used their advertising budgets for that period.

Whatever the reason, the decrease in came to a halt in September 2006; by the end of November, spam accounted for nearly 80% of all email traffic. By this time, Russian-language spam offering legal counsel and auditing services on the Russian Internet was appearing more frequently and accounted for 4% of all spam during the final quarter of 2006. Sad though it may seem, even Russian lawyers appear to have ignored the new amendment banning this type of advertising.

Even the existence of antispam legislation can’t stop spam; spam is a global phenomenon which is not subject to traditional geographical boundaries. According to Kaspersky Lab data, just 22% of all spam sent to the email addresses of Russian Internet users is sent from Russia. Another 20% comes from the US and 11% originates in China.

It’s no surprise that the vast majority of topics which made the top five list in 2006 are predominantly found in English-language spam. The one exception is ‘Education’, the vast majority of which is Russian-language messages).

The criminalization of spam, which started almost the minute spam became an industry, continued in 2006. In order to use spam for criminal purposes, mass mailings have to be anonymous and there has to be a lack of effective legislation. Criminalized spam made up a high proportion of spam in the “computer fraud” category, (14.3% of all spam), but is also starting to be seen in other categories.

During the past year, spammers also demonstrated their ability to work together against antispam developers. One example is the series of attacks against Blue Frog, an antispam service, which lead to the project’s closure. The potential for spammers to consolidate and centralize on an international scale poses a new threat to cyber security.

In 2006 spammers renewed their attempts to evade antispam solutions and started using graphical spam (spam in which the message text is made up of images). The technology behind graphical spam first appeared back in 2003-2004. During the last three months of 2006, however, spammers effectively perfected the approach whereby graphical attachments would be modified within a single mass mailing. The only real “innovation” in 2006 was animated spam, which evolved naturally from graphical spam.

Despite certain difficulties faced by antispam developers, the issue of graphical spam is not as problematic as it might appear from a technical point of view. Graphical and animated spam does not represent a major threat to email systems equipped with spam filters.

In 2006, the key technologies used to generate and send spam remained unchanged:

• Most spammers use botnets, i.e. infected home-based personal computers remotely controlled by malicious users to send spam.
• Spammers are still using the same techniques to evade antispam solutions: automatically generating text using a preset template, using HTML to hide certain text from the user, and attaching advertising text to the email in graphical form.

In spite of all the tricks used by spammers, today’s antispam solutions offer excellent levels of spam filtration and are able to intercept more than ninety out of every hundred unsolicited emails. That is why spammers are proactively looking for new markets for their services, and are migrating to IM clients and cellular communications.

What to Expect in 2007

2006 demonstrated that from a technical point of view, antispam developers have already managed to counter spammers and provide reliable protection. But the volume of spam is increasing and the problem of spam as we know it will not be solved in the foreseeable future. It's clear that the trends of 2007 will be the following:

• Spam is not going to disappear from inboxes, nor is the volume of spam going to decrease in the near future. Spammers will continue to look for new ways of evading antispam protection, and antispam experts will continue to repel spam attacks successfully.
• Probably no new spam technologies will appear in 2007. However, the technologies currently being used will be developed further.
• It seems likely that spammers will continue developing graphical spam, even though there is little reason to see this as a particularly promising route for spammers. Major antispam solutions are fully capable of detecting graphical spam.
• Spammers will continue to develop the technology which uses a template to automatically generate multiple versions of a coherent text within a single mass mailing. They may also employ linguistic algorithms, rather than simply using their intuition as has been the case in the past.
• Spam will become increasingly criminalized in 2007, and English-language spam will be adapted for a Russian audience. New types of cyber fraud which specifically target Russian Internet users are also likely to evolve.

The full report can be found at Kaspersky Security Bulletin 2006: Spam (www.viruslist.com).