March 11, 2009, 8:20 PM — What does Symantec say about spam? There's a whole bunch of it, but spam volume dropped by more than 75 percent on November 12th last year for a simple reason: the computers controlling spam-spewing zombie PCs were disconnected from the Internet. Can we apply that success for a more permanent solution? Some, but it's not that easy.
I sat in on a session entitled "The State of Spam: An In-depth Look at the Latest Threats and Trends" during ManageFusion yesterday. Kinda scary.
Normal days see about 101 billion (yes, billion) e-mail messages zoom across the Internet. Of those, about 91 percent, or 92 billion (with a b), are spam. So far, the spammers are winning, as they have for the last decade or so.
The wonderful drop in spam on November 12th came when security experts discovered that one of the major command and control networks, the codes that feed and unleash spam zombies, was hosted at a single co-location facility. The minute the upstream Internet providers cut that co-location company away from the Internet, the volume dropped. If we can find the spam brains, we can disconnect them from the spam body of zombie PCs numbering in the hundreds of thousands. But finding them remains tough.
Just days after the line was cut eliminating one command and control network, another network picked up the slack, and spam volume jumped back to the earlier levels. Bummer. But some lessons learned will help in the future.
Symantec is big on "Reputation" for various spam and virus control products, and blocks known bad actors. That used to work well with spammers, but now the spammers change machines constantly. So Symantec drills down into the content of spam messages, using all the tricks they've learned.
And Symantec "sees" about 30 percent of the world's e-mail every day as it goes through their products in the field protecting clients. This gives them plenty of material for research.
Leveraging that reputation angle, Symantec uses what they call "Adaptive Reputation Management" to identify as much as 90 percent of spam before it hits your inbox. They track the good sites, they track the really bad ones, and they keep a close eye on those in the middle.
Why is there still so much spam? Money. In the last 30 days, 27 percent of spam has been real or fake messages about products. Evidently, some people still fall for that. Tell your coworkers to smarten up.
If you're wondering, the US sends the most spam, about 21 percent of the world's total each day.