Spam situation definitely not getting any better
By Peter Vogel
Recent reports from e-mail and security firms such as Sophos and
TrendMicro suggest that the spam mail situation is worse than ever.
Some estimates place the spam percentage of all e-mail traffic well
over 80 per cent. True, much of this spam is innocuous, but by no
means all of it is.
In my own school we use a fairly sophisticated piece of software on
our mail server to keep the spam volume for our users at manageable
levels. So reliable is that spam filter that I seldom see unwanted
mail at school.
I can't say the same for my personal e-mail address (peterv@portal.ca),
managed locally by Uniserve Communications. To be fair, my portal.ca
address is one of the older B.C. addresses, and the original
Internet Portal Services was bought out by Uniserve quite a few
years ago. The Portal pool of customers is probably rather
insignificant to Uniserve, and little seems to have been done to help
stem the spam onslaught.
What I can say is that my portal.ca e-mail pretty much mirrors the
real-world spam statistics. Some mornings I'll be met by one useful
piece of mail for every 25 pieces delivered. Now this is Web-based
mail, for which I'm really at the mercy of my service provider. If I
choose to pull my mail down through a local client, say Outlook or
Eudora, then I can put my own spam filtering tools to work, but so
useful has Web-based mail become to me that I've become dependent on
my ISP.
Still, all isn't lost when it comes to spam. In fact I quite enjoy
tearing apart pieces of spam mail to see how they are designed. I
particularly enjoy the ever-morphing social engineering techniques
that are used to ensnare unwitting readers.
Last week, in the midst of a fairly major spam "storm," a good old
standby appeared in my mailbox after a long absence. The come-on is
a warning that your computer has been compromised and that you
should run the attachment to clear out the problem. To top it off, it
is made to look as if it originates with your ISP.
Dear user peterv@portal.ca,
We have received reports that your email account has been used to
send a huge amount of spam during the recent week.
Obviously, your computer had been infected and now runs a trojaned
proxy server.
Please follow our instructions in the attached file in order to keep
your computer safe.
Virtually yours,
portal.ca support team.
This is the good old W32/MyDoom trojan still hard at work more than
two years after it surfaced. Appearances to the contrary, the
message doesn't originate from my mail service provider.
Clicking on the attachment to ostensibly "clean" the "trojaned proxy
server" won't do much good. In fact it will accomplish exactly the
opposite. Your computer will indeed be compromised, by an action
you've taken. Just like the famous wooden horse, the attachment
bypasses security features by being brought inside, where it
unleashes its nasty capabilities.
Just what exactly is meant by "trojaned proxy server," you ask?
Effectively it means that your computer can be remotely controlled,
carrying out actions for an anonymous hacker. Many such
computers controlled from a central location are sometimes referred
to as zombies in a botnet.
What might that anonymous individual want with your computer? Most
likely it is to use it as a spam sender, or to have it carry out
attacks on other computers, or even to host less than desirable Web
sites. Identity and personal information theft is also a
possibility.
In my case the attachment was identified as "instruction.scr" and
the message appeared to originate from a mail server at
cs.uchicago.edu (the computer sciences department at the University
of Chicago). The "scr" filetype extension is commonly used for
Windows screen savers. Since such screen savers are actually
programs, a virus producer can bury his handiwork under the same
sort of label.
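Both warning signs in this message, a program hiding behind a screen saver label and a sender claim that doesn't match the relaying server, can be checked mechanically. The following Python is an added example, not part of the original column; the sample message, its header values (including the address support@portal.ca and the host mx.example) and the function names are constructed for illustration.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Windows runs as programs; a .scr screen saver is an ordinary executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}

def build_sample() -> bytes:
    """Constructed message modelled on the column; all header values are made up."""
    msg = EmailMessage()
    msg["Received"] = "from cs.uchicago.edu by mx.example"
    msg["From"] = "support@portal.ca"
    msg["To"] = "peterv@portal.ca"
    msg["Subject"] = "Account notice"
    msg.set_content("Please follow our instructions in the attached file.")
    # Harmless stub: only the two-byte "MZ" marker that starts Windows executables.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="instruction.scr")
    return msg.as_bytes()

def triage_message(raw: bytes) -> list[str]:
    """Return the reasons a message should be quarantined (empty list = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        if ext in EXECUTABLE_EXTS:
            findings.append(f"executable extension: {name}")
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":  # content check also catches renamed executables
            findings.append(f"Windows executable content: {name}")
    # Heuristic only: the oldest Received hop should belong to the claimed sender domain.
    addr = parseaddr(str(msg.get("From", "")))[1]
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    hops = msg.get_all("Received") or []
    hop = re.search(r"from\s+([\w.-]+)", hops[-1].lower()) if hops else None
    if hop and domain and not (hop.group(1) == domain
                               or hop.group(1).endswith("." + domain)):
        findings.append(f"claims {domain} but relayed from {hop.group(1)}")
    return findings

if __name__ == "__main__":
    for reason in triage_message(build_sample()):
        print(reason)
```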
Oddball site of the week
Steven Bochco's Cafe Confidential at www.metacafe.com bills itself
as one of the world's largest online video broadcasters. Think
YouTube and Google AdSense combined.
Video posters can make money once a video hits 20,000 views. Top
earner "kikpay" has pulled in close to $30K with a wide assortment
of "how to" videos, ranging from "Unlock Handcuffs with a Bobby Pin"
to "Digital Camera Hack."
Peter Vogel is a Physics and Computer Sciences teacher at Notre Dame
Regional Secondary School (www.ndrs.org). Suggestions and comments
may be sent via e-mail to peterv@portal.ca.