Four of the world’s largest ISPs may be pulling out the legal stops to go after several
hundred spammers, but industry analysts worry that the true kingpins are still hidden
behind a digital fortress.
America Online, Inc., Earthlink, Inc., Microsoft Corp., and Yahoo!, Inc. have joined forces
to collectively file six lawsuits against hundreds of defendants, including some of what
the ISPs are calling the ‘most notorious large-scale spammers’. These are the first major
industry lawsuits under the new federal Can-Spam Act that went into effect Jan. 1 of this
year.
”This is definitely a good shot across the bow for the spammers that we know about,” says
Mark Sunner, CTO, of MessageLabs, Inc., Inc., a New York-based email security company.
”It’s a good deterrent to the less-sophisticated spammers who will be put off by this. But
the technically savvy spammers, the really major spammers, will be driven further
underground and they’ll take great steps to cover their tracks.”
Sunner and other industry observers say the largest and most dangerous spammers are taking
increasingly technical and stealthy steps to shield themselves from detection.
”The higher-end spammers have stealth techniques down to a science,” adds Steve
Sundermeier, a vice president for Central Command, Inc., a security company based in
Medina, Ohio. ”It’s apparent that so many of the new worms — Netsky and MyDoom and Sobig
— are being put out there by the spammers. They set up zombie machines that send the spam
out for them and that makes it harder to trace the problem back to them… It’s going to be
harder to get to them. It’s going to be harder to scare them.”
For months now, the anti-spam and the anti-virus communities have been saying that there
has been a great convergence between viruses and spam. Virus writers used to produce
malicious code for the thrill of it — to make a name for themselves in the underground
community. Today, they’re more apt to be working for major spammers who want to compromise
hundreds of thousands of machines, opening backdoors and using them to send out unsolicited
bulk email.
Vince Schiavone, president and CEO of the ePrivacy Group, an advisory group that focuses on
spam and other security issues, says spammers also are setting up networks of workers
around the globe to create another layer between themselves and law enforcement.
”We’re talking about spam networks,” says Schiavone. ”They’ve got chains of people so
instead of 10 million spams being sent from one address, they’ve got a network of hundreds
of people each sending thousands of spams. It’s making it harder to find out who’s at the
top of that chain.
”I wonder how many people in these spam lawsuits are really working for somebody else,”
he adds. ”Now that would be interesting to find out.”
But representatives of the four ISPs filing the lawsuits say they are attacking the major
players.
”Today is a red-letter day for big-time spammers, and the letters they should remember
from this day forward are ‘CAN-SPAM,”’ said AOL Executive Vice President and General
Counsel Randall Boe, speaking at a press conference in Washington, D.C. Wednesday morning.
”Consumers should take note that the new law not only empowered us to help can the spam,
but also to can the spammers as well. And we’ll do that, one spam kingpin at a time if
necessary.”
And William Hugh Murray, an executive consultant for TruSecure Corp., a risk management
company based in Herndon, Va., says having the ISPs throw their weight behind the anti-spam
effort is just what’s needed.
”My sense is that this problem has reach such scale that it must be dealt with… the
Internet, as we know it, is broken,” says Murray. ”These ISPs are big players with muscle
and money. We need them involved in this fight… If we don’t do something, we’ll have
reached the point where the public’s trust will be broken and it won’t be repaired.”
No one is arguing that spam is out of control.
Several anti-spam companies, including MessageLabs, have recently said that spam is
increasing at such an alarming rate that even though it accounted for 24 percent of all
email a year ago, it is expected to make up 80 percent of all email being sent around the
world by the third-quarter of this year.
And it is affecting how — or how little — people are using email.
Spam actually now is driving people away from using their email. A recent report from the
Pew Internet & American Life Project, an organization focused on researching the Internet’s
impact on society, shows that people are actually using email less because they don’t want
to deal with the digital scourge.
What analysts can’t agree on is how to stop it. And some say that the ISPs lawsuit, while a
good step, just isn’t the silver bullet that many hope it will be.
”I do think legislation is a good thing and it’s encouraging to see ISPs going after
people,” says MessageLab’s Sunner. ”The fact that this is happening, clearly, is not
going to mean that spammers around the globe stop sending spam. They’ll just take greater
steps to cover their tracks.”