There have been some tough recent legal actions against spammers. While this may deter some, anyone that routinely uses email will tell you that it doesn’t seem to have reduced the spam deluge.

I’ve been wondering if the most popular anti-spam technology countermeasures used today aren’t actually adding to the problem?  To help answer this question one has to first look at how most email spam is being sent.  It is estimated that up to 80% of the spam sent today is being sent by zombie computers.  Wikipedia defines this zombie and spam process as:

A zombie computer, abbreviated zombie, is a computer attached to the Internet that has been compromised by a security cracker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a “botnet”, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the vector tends to be unconscious, these computers are metaphorically compared to a zombie.

200701261359

Infected zombie computers — predominantly Windows PCs — are now the major delivery method of spam.

Zombies have been used extensively to send e-mail spam; as of 2005, an estimated 50–80% of all spam worldwide was sent by zombie computers.  This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth.

The most effective technical countermeasures to date against this spam barrage has been effective filters that can automatically detect 99% of spam with almost no false positives.¬† As effective as this method is in protecting the user it does nothing to solve the root problem of the amount of spam that‚Äôs clogging and consuming valuable Internet bandwidth. The “problem” revolves around the fact that spam is profitable and spamming success is simply one of numbers.¬† For example:

• Your selling a product for 5$;
• You send out 1,000,000 spam emails using no cost zombies;
• 10% of those reach people and are opened and read (50,000);
• Of that 10% only 2% click through and buy your product (1,000); and
• At 5$ each you make $5,000.

The popular defensive mode of filtering can actually add to this problem.  For example let’s apply a 99% accurate spam filter to the above example:

• Your selling a product for 5$;
• You send out 1,000,000 spam emails using no cost zombies;
• now only 1% of those reach people and are opened and read (10,000);
• of that 1% only .2% click through and buy your product (20);
• At 5$ each you just made $100; and
‚Ä¢ At this rate of reply you’ll have to send 50,000,000 spam emails in order to make the original $5,000.

Since there is almost no cost to the spammer with using the zombies, sending this additional spam is not a problem. He may only have to utilize a few more infected zombie computers.  So by having effective spam filters we may be protecting the average users inbox but increasing the total overall spam being sent.

I’m writing on this because I’ve been using an application called SidewinderX that attacks spam or junk email differently.  SidewinderX analyzes the email and sends abuse notifications to those individual’s or ISP’s that may be involved.  I’ve mostly gotten automatic replies back from the involved ISP abuse teams, but I’ve received several follow-up reports.  In those the ISP indicated that the reported spam email came from a zombie on their network. Their countermeasure was to notified the user requesting that they clean up their PC or else be taken off-line.  I realize some might say that I’m creating another type of spam by reporting all this, but it does seem to have reduced the amount of spam I’m receiving.

As the Wikipedia article states, most users are unaware that their PC is being used as a zombie. I believe  most ISP’s and users, if informed, would take the needed steps to prevent this from continuing.  Perhaps there could even be some custom free tools that would make clean-up of zombie machines easier.

Wouldn‚Äôt it seem more effective to eliminate up to 80% of the email spam by identifying, eliminating, or blocking the zombie computers that are being used for spam?¬† Where’s the technological efforts for that?

Again it may be about money.¬† There’s money in building filters that you’ll buy to stop the spam from reaching your inbox, but how does a company make money detecting and stopping these zombie computers?¬† Who pays them and if they’re not going to be payed, why would they do it?

Update: 1/26/07, 19:30pm EST

It appears that the problem with zombie computers may be even larger then I thought.

Slashdot | 25 Percent of All Computers in a Botnet?:
Beckham’s_Ponytail writes to mention an Ars Technica article, with some disturbing news out of the World Economic Forum in Davos, Switzerland. Vint Cerf, one of the ‘fathers of the internet’, has stated that the number of botnets online is larger than believed. So large, in fact, that he estimates that at this point one in four computers is infected with botnet software. We’ve discussed the rise of botnets numerous times here on Slashot, but the image of 150 million infected computers is more than a little bit sobering.

Technorati Tags: spam, zombies