There have been some interesting stories regarding email spam that have hit the news cycle over the past couple of weeks. A story out of the UK has been making the rounds claiming that users reported a 43 percent increase in the amount of spam they have received over the last year. Another story that has gained a great deal of attention speaks to the possibility of an Android-based botnet that is responsible for sending spam emails, “Sent from Yahoo! Mail on Android.”
While spam related topics making the news are nothing new, these two headlines do speak to what may be in store for the upcoming months.
More spam on the way
For a while, the volume of emails labeled as spam had been on a down tick. People had reported seeing less spam infiltrating their inboxes.
This is always a good thing. It means that the solutions in place to stop spam at the gates are working. Since most organizations have some sort of anti-spam protection in place, it is only natural that the levels of spam would level off and then decline.
Unfortunately this also means that spammers and cyber criminals would respond with newer techniques that would be able to defeat many of the spam filters out there.
The reported increase in the levels of spam provides evidence that this may be the case.
After all, if spam was down and now the levels are rising again it must mean that the methods used by spammers are changing to bypass the tools we have in place to protect our inboxes.
Android sending spam – the supporting evidence
Now the evidence we provided is circumstantial at best. We have no definite proof that the spammers are getting wise to what is keeping their emails at bay. We have no hard evidence that they have found ways to circumvent the anti-spam filters either.
This new botnet, if it does in fact exist, operates as a result of insecure Android apps. These apps are believed to be pirated copies of legitimate applications that users are downloading. However, in addition to the software it is believed that users are installing a Trojan horse on their device as well. This piece of malware makes it possible for a cyber criminal to take control of the Android device and send spam from it.
The reason there is no proof that the apps in question are at the root of any spam is because the data found in the email that claims it is sent from an Android device is easily replicated. It could be that the spam is being sent from an infected PC that is simply using Android as a scapegoat to thwart detection.
But to deny these allegations would be the equivalent of sticking our heads in the sand and hoping that everything will be ok.
If the past has taught us anything, it won’t.
What can be done
In today’s business world, it is hard to find an organization that neglects the issue of spam. People know that spam costs money. It sucks up resources and time and that equates to dollars.
Because it is so costly, measures are put in place to defend against it. But if the measures aren’t fully protecting the organization then their spam fighting efforts will always be at least one step behind the bad guys.
To effectively fight spam, your anti-spam solution needs to have zero-day protection measures. This helps your system identify patters found in spam messages so it can stop them before they cause harm.
Without technologies such as Bayesian filtering that can identify malicious patterns in emails or anti-spam engines that don’t require manual updates, your efforts are at the mercy of the people tasked with managing the software. In a small business, this can be disastrous.
Regardless of what we read in the news, the fight against spam will continue into the next decade. The keys to winning the battle are to be as vigilant as possible and keep up with the latest technologies used to fight what ever the bad guys throw at us down the road.