Microsoft founder Bill Gates famously predicted at the 2004 Davos World Economic Forum that spam would be eradicated by 2006. He could not have been more wrong – it now accounts for roughly 70 per cent of all e-mail messages on the internet. Worse, it is often the front end for serious crime. Information technology managers are increasingly finding key-logging software on their systems that detects every keystroke made on a computer and can pick up passwords to unlock bank and credit card accounts or other sensitive information.
At the Red Herring 2006 spring conference in California, a prestigious technology get-together, experts discussed how business worms have shifted from juvenile mayhem to lucrative targeted theft. For example, one of the world’s top spammers is estimated by US federal law enforcement officials to earn $30m a year from his spamming business, which has seen him flood just one internet service provider with 280 million e-mails.
The anti-spamming industry has also grown dramatically. It has been estimated that the messaging security market, which offers anti-spam services and outbound filtering, will reach $2.6bn by 2009, up from $675m in 2004, according to research firm IDC. It has been projected that the market for secure content management, such as virus protection, web filtering and spyware, will hit $11.4bn by 2009, up from $4.8bn in 2004.
Much anti-spamming activity has been driven by the threat of viruses and other bugs attached to messages. The 2005 FBI Computer Crime Survey estimated that annual losses to US businesses from computer crime – including virus attacks, network intrusions and financial fraud – are now around $67bn a year. It added that 87% of the companies responding to its survey reported a security incident.
Spam – the innocent-looking front-end of cyber crime – may still appear to be an annoyance on a par with unsolicited post or junk faxes. It differs, though, from traditional paper junk post and telemarketing in that it is not closely regulated by international law and the costs are down to the recipient. The spammer blasts out his message for free to hundreds of thousands of people, thanks to signing up for a throwaway account or a free trial disk.
According to law enforcement authorities – including the US Postal Inspection Service, US Secret Service and the FBI – and special units at eBay and Microsoft, the suspects behind computer crime are usually organised gangs of young hackers who meet in underground forums with names like DarkMarket.org and theftservices.com to trade information and co-ordinate international scams.
A favourite trick to elude anti-spammer filters is the stock spam, which uses random dots. Then there is the use of new words to replace tainted ones, such as referring to a watch as a “wrist accessory”. Spammers also use words with spaces between the letters to fool filters designed to look only for whole words, as they did in an e-mail message advertising a work-at-home opportunity out of “T u l s a , O k l a h o m a”.
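As an added illustration (not code from the article or from any vendor it names), the sketch below shows how a filter can undo letter spacing, digit-for-letter swaps and stretched letters before matching whole words. The watchlist and the sample strings are constructed for the example, using the spellings the article quotes.

```python
import re

# Constructed watchlist for illustration; a production filter uses a maintained term list.
WATCHLIST = {"cialis", "viagra", "stox"}

# Digit-for-letter swaps seen in strings such as "st0x".
LEET = str.maketrans("01345", "oieas")
# Three or more single characters split by one separator each: "c i a l i s".
SPACED = re.compile(r"\b(?:[a-z0-9][ ._*-]){2,}[a-z0-9]\b")
# A character repeated three or more times: "viiiiagra".
REPEAT = re.compile(r"(.)\1{2,}")


def normalize(text):
    """Return lower-case tokens with spacing, digit swaps and stretching undone.

    The result is used only for matching, never shown to a user.
    """
    text = SPACED.sub(lambda m: re.sub(r"[ ._*-]", "", m.group()), text.lower())
    tokens = []
    for tok in re.findall(r"[a-z0-9]+", text):
        if any(c.isalpha() for c in tok):  # leave pure numbers such as "2006" alone
            tok = REPEAT.sub(r"\1", tok.translate(LEET))
        tokens.append(tok)
    return tokens


def flagged(text):
    """Return the watchlist terms present after normalization."""
    return sorted(WATCHLIST.intersection(normalize(text)))


if __name__ == "__main__":
    samples = (
        "T u l s a , O k l a h o m a",
        "C i a l i s, st0x and Viiiiagra",
        "wrist accessory sale",
    )
    for sample in samples:
        print(sample, "->", normalize(sample), flagged(sample))
```

Word substitution such as “wrist accessory” passes through this normalization unchanged, so that evasion has to be handled by other means than spelling repair.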
Anti-spamming companies try to stop junk being delivered to inboxes using what is called IP blocking. This prevents the receipt of messages from a particular internet protocol address identified as a spamming source. Spammers get around this by turning to “zombie bots” to get their message out. These are vast networks of personal computers surreptitiously infected with malicious software, which, without the owners’ knowledge, relay spam, viruses, “update your bank account” messages and other unwelcome messages. Half to three-quarters of all spam is delivered this way according to a Federal Trade Commission report to the US Congress.
How do the anti-spamming companies fight back? The filtering database at MessageLabs, a top anti-spamming firm, looks for new “zombie bots” by studying the behaviour of e-mail messages from new addresses. It knows that normally a machine delivers a message to another with an identifying string of code. When a sending machine communicates in, say, four different ways within a small time frame, its behaviour can indicate that it is not a real computer but part of one of these drone armies. But it is the content of a message, not the algorithms or software footprints, that flags up spam. This makes spam even more tricky to weed out because senders often use web-based e-mail services like Yahoo or Gmail, making IP blocking impractical. Also, their wording does not usually provide any particular string that leads to safe rule making about filtering out communications.
Bank account e-mail scams – messages seeking an advance payment to rescue a deposed prince or to collect a percentage on some fortune – are providing a way to crack the problem. MessageLabs has been on the case. So far, it has compiled a database of 15,000 scam messages and, through pattern analysis, has built up a family tree of them. Most pitches are derived from a few hundred templates and the company’s Scam DNA software has codified these into an algorithm that can apprehend new scams based on the old ones before they hit the screens.
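The article does not describe how Scam DNA works internally, so the following is an added illustration of the general idea only: assigning a new message to a known template family by near-duplicate matching. It assumes word 3-shingles compared with Jaccard similarity; the two templates, the threshold and all names are constructed for the example.

```python
import re


def shingles(text, k=3):
    """Set of overlapping k-word sequences, lower-cased and punctuation-free."""
    words = re.findall(r"[a-z']+", text.lower())
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a, b):
    """Shared shingles divided by all shingles seen in either text."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


# Constructed stand-ins for the few hundred templates the article mentions.
TEMPLATES = {
    "deposed-prince": (
        "i am the son of a deposed prince and i need your help to move my "
        "family fortune out of the country in return for a percentage"
    ),
    "lottery": (
        "your email address has won the international lottery and to claim "
        "the prize you must first pay a processing fee"
    ),
}
TEMPLATE_SHINGLES = {name: shingles(text) for name, text in TEMPLATES.items()}


def classify(message, threshold=0.3):
    """Return (family, score); family is None when nothing is close enough."""
    msg = shingles(message)
    scores = {name: jaccard(msg, s) for name, s in TEMPLATE_SHINGLES.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else None, scores[best])


# Constructed messages: a reworded variant of a known template, and ordinary mail.
VARIANT = (
    "Dear friend, I am the daughter of a deposed prince and I need your help "
    "to move my family fortune out of the country in return for a percentage "
    "of the funds"
)
BENIGN = "Please find attached the minutes of the meeting and let me know if you need any help"

if __name__ == "__main__":
    print(classify(VARIANT))
    print(classify(BENIGN))
```

A variant that changes a few words still shares most of its shingles with the parent template, which is what lets a new message be caught on the strength of old ones.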
Maybe detective work will zap the flood of e-mails about “C i a l i s”, “st0x” or “Viiiiagra” flooding into inboxes worldwide. They are the handiwork of a man that Spamhaus.org, a London-based watchdog group, claims is the world’s third most notorious and prolific spammer. He is thought to be in Russia after having fled prosecution in the US and is reported to be still very much in business. He and a Ukrainian who Spamhaus rates as the world’s top junk mailer are suspected to be flooding the world’s e-mail systems with five million messages an hour – some 10% of all e-mail on the internet.
Notorious spammers also include a 26-year-old Russian with a university degree in physics who is suspected to be connected with the theft of a million credit card numbers. He and his accomplices conduct due diligence on the computer networks of targets, sometimes setting up fake companies at credit card processors to test for holes in the system and using proxy services in the US, China and Ukraine to hide their internet connections.
A young man based in Moscow, who goes by the name of Smash and uses the avatar of a fallen angel, is known to be expert in building spyware programmes and codes that can track web surfers’ keystrokes. His company hawks spyware on the web and one of its products, retailing at $834, was created for attacking German companies. Smash and another sought-after hacker jointly operate the International Association for the Advancement of Criminal Activity, www.theftservices.com, which is hosted by a Malaysian web service and features fraudsters using credit cards at banks and stores.
Spammers can hide themselves and their operations where law enforcement is lax, such as in Russia, eastern Europe, China and Nigeria. Most spam is just that: low-rent pitches for stocks and penis enlargement pills. But there are also more immediate menaces. Because some spammers can churn out 200 million or more messages a day, and because less than 1% of those need to bring responses from users to turn handsome profits, there is little incentive to stop.
And controlling them may take more than enlisting the services of anti-spamming firms or setting up initiatives such as the National Cyber Forensics & Training Alliance, a cyber crime intelligence unit jointly operated by the FBI and the US Postal Inspection Service in partnership with universities. The defiance of spammers can be potent: one of them recently forced an anti-spam company, Blue Security, based in Israel, to shut down its services. The company had given customers the power to enact mob justice on spammers by overloading them with requests to be removed from mailing lists. A spammer in Russia retaliated by knocking out its web site and threatening virus attacks against its customers. Blue Security said it would back off rather than be responsible for a cyber war.
Biography
Isabel Bass is an award-winning writer whose work appears regularly in Time, The New York Times, The Guardian and Institutional Investor. She is a director of Bass Associates, a London-based financial communications and investor relations consultancy whose clients include Time Warner, PricewaterhouseCoopers and Euromoney.