Monday, September 20, 2021

Are Lawsuits Missing the Real Spam Kingpins?

Four of the world’s largest ISPs may be pulling out the legal stops to go after several

hundred spammers, but industry analysts worry that the true kingpins are still hidden

behind a digital fortress.

America Online, Inc., Earthlink, Inc., Microsoft Corp., and Yahoo!, Inc. have joined forces

to collectively file six lawsuits against hundreds of defendants, including some of what

the ISPs are calling the ‘most notorious large-scale spammers’. These are the first major

industry lawsuits under the new federal Can-Spam Act that went into effect Jan. 1 of this

year.

”This is definitely a good shot across the bow for the spammers that we know about,” says

Mark Sunner, CTO, of MessageLabs, Inc., Inc., a New York-based email security company.

”It’s a good deterrent to the less-sophisticated spammers who will be put off by this. But

the technically savvy spammers, the really major spammers, will be driven further

underground and they’ll take great steps to cover their tracks.”

Sunner and other industry observers say the largest and most dangerous spammers are taking

increasingly technical and stealthy steps to shield themselves from detection.

”The higher-end spammers have stealth techniques down to a science,” adds Steve

Sundermeier, a vice president for Central Command, Inc., a security company based in

Medina, Ohio. ”It’s apparent that so many of the new worms — Netsky and MyDoom and Sobig

— are being put out there by the spammers. They set up zombie machines that send the spam

out for them and that makes it harder to trace the problem back to them… It’s going to be

harder to get to them. It’s going to be harder to scare them.”

For months now, the anti-spam and the anti-virus communities have been saying that there

has been a great convergence between viruses and spam. Virus writers used to produce

malicious code for the thrill of it — to make a name for themselves in the underground

community. Today, they’re more apt to be working for major spammers who want to compromise

hundreds of thousands of machines, opening backdoors and using them to send out unsolicited

bulk email.

Vince Schiavone, president and CEO of the ePrivacy Group, an advisory group that focuses on

spam and other security issues, says spammers also are setting up networks of workers

around the globe to create another layer between themselves and law enforcement.

”We’re talking about spam networks,” says Schiavone. ”They’ve got chains of people so

instead of 10 million spams being sent from one address, they’ve got a network of hundreds

of people each sending thousands of spams. It’s making it harder to find out who’s at the

top of that chain.

”I wonder how many people in these spam lawsuits are really working for somebody else,”

he adds. ”Now that would be interesting to find out.”

But representatives of the four ISPs filing the lawsuits say they are attacking the major

players.

”Today is a red-letter day for big-time spammers, and the letters they should remember

from this day forward are ‘CAN-SPAM,”’ said AOL Executive Vice President and General

Counsel Randall Boe, speaking at a press conference in Washington, D.C. Wednesday morning.

”Consumers should take note that the new law not only empowered us to help can the spam,

but also to can the spammers as well. And we’ll do that, one spam kingpin at a time if

necessary.”

And William Hugh Murray, an executive consultant for TruSecure Corp., a risk management

company based in Herndon, Va., says having the ISPs throw their weight behind the anti-spam

effort is just what’s needed.

”My sense is that this problem has reach such scale that it must be dealt with… the

Internet, as we know it, is broken,” says Murray. ”These ISPs are big players with muscle

and money. We need them involved in this fight… If we don’t do something, we’ll have

reached the point where the public’s trust will be broken and it won’t be repaired.”

No one is arguing that spam is out of control.

Several anti-spam companies, including MessageLabs, have recently said that spam is

increasing at such an alarming rate that even though it accounted for 24 percent of all

email a year ago, it is expected to make up 80 percent of all email being sent around the

world by the third-quarter of this year.

And it is affecting how — or how little — people are using email.

Spam actually now is driving people away from using their email. A recent report from the

Pew Internet & American Life Project, an organization focused on researching the Internet’s

impact on society, shows that people are actually using email less because they don’t want

to deal with the digital scourge.

What analysts can’t agree on is how to stop it. And some say that the ISPs lawsuit, while a

good step, just isn’t the silver bullet that many hope it will be.

”I do think legislation is a good thing and it’s encouraging to see ISPs going after

people,” says MessageLab’s Sunner. ”The fact that this is happening, clearly, is not

going to mean that spammers around the globe stop sending spam. They’ll just take greater

steps to cover their tracks.”

Similar articles

Latest Articles