Spam plateaus - but worse times to come?

The level of spam hitting users' inboxes has reached a plateau, showing little increase in recent months, leading some in the industry and the media to predict we may be on the verge of a meaningful decline in volumes of unsolicited mail.

But any celebration is misguided and more than a little premature according to those working at the coal face, with one anti-spam expert warning it could even be the quiet before the storm due to a sophisticated Trojan attack being launched right now.

Steve Purdham, CEO of SurfControl, told silicon.com that it would be unwise to start predicting the end of spam, or even the beginning of the end.

"The plateau is certainly confirmed but a plateau at the kind of volumes we're still talking about doesn't really mean anything," he said

Mark Sunner, CTO of MessageLabs, said his company's own monitoring of the problem puts that figure at around 80 per cent of all email traffic, but added the simple fact that legitimate email will always exists amid the spam is one factor forcing the plateau and hardly reason to proclaim victory.

SurfControl's Purdham added further cause for concern. "While the volume of spam as a percentage of total email traffic may not be increasing, the maliciousness of what is being sent certainly is," added Purdham. "Malicious phishing scams, spyware, Trojans and viruses are all playing a far greater role in the tactics of the spammers now whereas previously it was porn and adverts for Viagra."

If the volume of spam stagnates or falls due to improved filtering then the spammers must make sure the emails that get through are more effective.

The battle against spammers is often referred to as an 'arms race' as one side attempts to outgun the other. In such military terms, the blunderbuss, scattergun approach of 2002 is now being replaced by smart-bombs.

Another reason for this apparent levelling off may be the replacement of home PCs over Christmas and the sales period. Many older machines would have bee infected by Trojans and backdoors, playing a huge part in the sending of spam by creating networks of bot-nets.

While there is a natural attrition throughout the year of infected machines being taken offline or repaired, Christmas will have put a more considerable dent in this zombie army.

SurfControl's Purdham told silicon.com the newer machines finding their way into homes during December and January will also be better protected.

"One of the key factors of the new machines users will have been buying is what Microsoft has been doing with XP. SP2 is so much more difficult to infiltrate because Microsoft has filled in so many of the holes."

However, Purdham conceded that history has shown that new defences merely invite new forms of breaching them and he said "without a doubt" the spammers, hackers and virus writers will learn new ways into users' machines.

"Go back and look at something like Bayesian filtering. For a while it was hailed as the solution to spam and we were told blocking keywords would stop the problem. And it did, for about a month, until the spammers started cutting and pasting whole passages of white-on-white text which the user couldn't see but which fooled the Bayesian filters."

So now the spammers must find new ways to recruit a fresh-faced army of compromised machines and they are wasting little time according to MessageLabs' Sunner. Newly created Trojans are finding their way onto users' machines and once there are creating more sophisticated ways of routing spam traffic.

"Right now we're seeing a new breed of Trojan which works out what ISP is being used and smart hosts the mail to them. New bot-net networks are being created to send mail via the ISPs mail servers."

Sunner added the advantage to spammers of this method is that ISPs are very unlikely to get blacklisted. According to Sunner, the problem is already hitting users in the US where major ISPs have already been targeted.

"The result is that we'll see more and more spam that appears to come from the service providers. It's starting to happen right now and we'll definitely see another increase in spam as a result," added Sunner.