Security's Everyman


Monday, September 03, 2007

Spam Attack

This weekend my wife and I took our 2 girls to the Atlanta Children's Museum. They had a special exhibit that was a recreation of Sesame Street. Both of our girls watch Sesame Street and of course my wife and I both grew up watching it. We were pretty excited about taking the girls to see and experience it. When I was checking into it I was kind of surprised to see that tickets were $11 each for everyone over 2 years old. That meant that we had to buy 4 full-priced tickets. I had a feeling that it wouldn't be worth $44 but it was for the girls so I was willing to do it. It did turn out that it wasn't worth it. It would have been better if we hadn't found out how to get to Sesame Street.

We got there and it seemed like every kid in Metro Atlanta was there. Plus they each had at least one if not both parents there. My wife described it as "stay at home mom hell". Kids were running around everywhere screaming, laughing, pushing, shoving and just generally acting crazy. Just like kids are prone to do.

I was checking my email over the weekend and I noticed that not only was I getting lots of spam but lots of spam was getting past my filters. That means that when I was checking my email I was having to sort through lots of JUNK! People wanting me to act as their US representative and share millions of dollars with them. I've won the UK lottery at least 25 times in the last month. Enough grass seed spam to turn the earth into a "lush tropical paradise". I could even grow hair on Santa's head. :) Then there are all these people who think that I need to be a few inches taller. I just don't understand.

Then it hit me that our experience at the Children's Museum must be similar to what an email server experiences with all that spam. (OK, I know I'm really reaching here, but it did occur to me.) The museum was set up in a particular way to handle a certain number of kids in an organized fashion, but when the attendance exceeds expectations, chaos occurs. In the same way, an email server is set up to do a specific function, and then you add a spam filter to help keep out the junk. As email comes into the system in greater quantities, it becomes more difficult for the system to function as it was designed. Just as kids run amuck and cause chaos, all of the spam causes chaos on the server. Then spam gets through the filter and into your inbox.

Then, just as with more and more kids running around, someone is bound to get hurt. I saw 2 or 3 minor injuries occur, and one of them involved my youngest. I didn't see it, but my wife told me that a mother knocked her down, turned and said sorry, and went on chasing her kid. As more and more spam gets through our filters, the likelihood of someone acting on one of them increases, and as that increases, so does the likelihood that a virus, worm, rootkit or keystroke logger is going to get installed on your network or home system.

Unlike the museum where I at least understand why parents bring their kids there and allow them to run amuck I still don't understand why people actually act on these emails. Why they buy stuff advertised in them. Why they click on links promising them great pictures, the latest movie, the best price or the greatest deal on improving their whatever.

That leads me to this week's information security poll.

"Have you or anyone you know actually bought something sold via spam or gotten a virus due to clicking on a malicious email link?"
A. Yes, I bought something.
B. Yes, I know someone who bought something.
C. No, I have not bought anything nor know anyone who has.
D. Yes, I have gotten a virus via a malicious email link.
E. Yes, I know someone who has gotten a virus via a malicious email link.
F. No, I have not nor do I know anyone who has gotten a virus via a malicious email link.

In this poll you will be able to choose more than one answer so please answer all that apply. If you do have a good story to tell please take a moment and leave me a comment about it. I'm sure some of you have great stories to tell.


Allen Baranov, CISSP said...

I know someone who clicked through to a lottery page and it downloaded a virus that then downloaded other stuff etc etc. We tried to clean the machine unsuccessfully until it started displaying XXX porn and at that stage we reinstalled the whole PC.

I don't know anyone who actually responds to spam messages (or admits it) but it obviously works or it wouldn't be done. I believe that the chance of getting someone to buy something is 1,000,000 to 1. So with 30,000,000 spams you will only sell 30 boxes of Viagra. However, you make a fairly nice profit for each box.

Taking your analogy further: spammers are only expecting a small number of replies to their spam and have systems configured as such. I read on Slashdot that the way to mess with spammers is to beat them at their own game - overwhelm their servers with purchase requests which you then back out of, that way the genuine requests can't be processed.

James.Costello said...

I have cleaned up quite a few machines for friends and family over the past few years because they have clicked on something that arrived in spam e-mail. An in-law who will remain unnamed bought sox for a boss from a site sent via spam.
My ISP does not provide any filtering for SPAM and that is a bit disappointing. They are a national company with quite a bit of bandwidth and they have not implemented an anti-SPAM solution. That really just exacerbates the problem; if the "big boys" aren't willing to do something to stem the tide, what can the rest of us do? It is as though they are a dam and are choosing to leave the flood gates wide open. That would not be acceptable in the real world, so why do we accept it in the virtual world?

Marcin said...

I wanted to answer "No, I have not bought anything nor know anyone who has. AND Yes, I know someone who has gotten a virus via a malicious email link." but because I didn't read through the entire post, I only chose the former... doh!

Anyways, I do know someone who replied to a spam email that asked for the credit card information or else their Internet connection would be cancelled. I don't remember anything happening with it though, since the email bounced due to a spoofed source address.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.