Thursday, January 19, 2012

The Business of Electronic Spam

Last September, I wrote a post titled "Referrer Spam."  It was in response to a flood of spam this blog received, and an explanation of what referrer spam is.

If you haven't encountered it before, referrer spam works like this: 

A spammer in Country X controls a computer in Country Y.  The computer in Country Y runs a program that automatically visits sites around the Internet,  like your business website (or this blog).  Google Statistics notes the pageview from Country Y and the URL address is listed as a referring URL.  When you read the statistics for your blog, you notice the odd traffic, click on one of the mysterious referring URLs, and find a site full of Cyrillic letters and pornography.  And maybe your computer picks up a new virus. 

Essentially, spammers have tricked you into visiting their site.  But it only works if you click on that referring URL and go to that site.  Eventually, Google (or whoever your service provider is) will figure out what's going on and block these sites, forcing the spammers to try somewhere else.
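To make the mechanism above concrete, here is an added example (not part of the original post) that finds likely referrer spam in a raw web server access log, so the referring URLs can be filtered out of the statistics without anyone clicking them. The log lines, host names and the `suspicious_referrers` function are constructed for illustration, and the heuristic is an assumption: a real visitor's browser also loads the page's static assets, while a simple bot that only wants to plant its URL does not.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in "combined" access-log format (documentation IPs, made-up hosts).
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jan/2012:10:00:01 +0000] "GET /2011/09/referrer-spam.html HTTP/1.1" 200 5120 "http://spam-site.invalid/promo" "Mozilla/5.0"
203.0.113.7 - - [19/Jan/2012:10:00:02 +0000] "GET /2011/09/referrer-spam.html HTTP/1.1" 200 5120 "http://spam-site.invalid/promo" "Mozilla/5.0"
203.0.113.7 - - [19/Jan/2012:10:00:03 +0000] "GET /2011/09/referrer-spam.html HTTP/1.1" 200 5120 "http://spam-site.invalid/promo" "Mozilla/5.0"
198.51.100.20 - - [19/Jan/2012:11:00:00 +0000] "GET /2012/01/new-post.html HTTP/1.1" 200 4096 "http://friendly-blog.example/links" "Mozilla/5.0"
198.51.100.20 - - [19/Jan/2012:11:00:01 +0000] "GET /static/style.css HTTP/1.1" 200 900 "http://myblog.example/2012/01/new-post.html" "Mozilla/5.0"
198.51.100.20 - - [19/Jan/2012:11:05:00 +0000] "GET /2011/09/referrer-spam.html HTTP/1.1" 200 5120 "http://friendly-blog.example/links" "Mozilla/5.0"
198.51.100.21 - - [19/Jan/2012:12:00:00 +0000] "GET /2012/01/new-post.html HTTP/1.1" 200 4096 "http://friendly-blog.example/links" "Mozilla/5.0"
198.51.100.21 - - [19/Jan/2012:12:00:01 +0000] "GET /static/style.css HTTP/1.1" 200 900 "http://myblog.example/2012/01/new-post.html" "Mozilla/5.0"
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"'
)
ASSET_RE = re.compile(r'\.(css|js|png|jpg|gif|ico)(\?|$)', re.I)

def suspicious_referrers(log_text, own_host, min_hits=3):
    """Return (referrer host, page hits, most-hit page) for likely referrer spam."""
    pages = defaultdict(Counter)   # referrer host -> pages requested with it
    clients = defaultdict(set)     # referrer host -> client IPs that sent it
    asset_clients = set()          # IPs that loaded at least one static asset
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # ignore lines that are not in combined format
        if ASSET_RE.search(m['path']):
            asset_clients.add(m['ip'])
            continue
        host = (urlsplit(m['ref']).hostname or '').lower()
        if host and host != own_host:          # external referrers only
            pages[host][m['path']] += 1
            clients[host].add(m['ip'])
    flagged = []
    for host, counter in sorted(pages.items()):
        hits = sum(counter.values())
        # Assumed heuristic: repeated hits, and none of the clients ever
        # fetched an asset the way a real browser following a link would.
        if hits >= min_hits and not (clients[host] & asset_clients):
            flagged.append((host, hits, counter.most_common(1)[0][0]))
    return flagged

if __name__ == "__main__":
    for host, hits, page in suspicious_referrers(SAMPLE_LOG, "myblog.example"):
        print(f"{host}: {hits} hits, mostly on {page}")
```

Bots that do fetch assets will slip past this check, so treat the result as a list of candidates for a statistics filter rather than a complete answer.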

On this site, the spamming went away for a while.  But lately it's started up again, and chimpwithpencil has received hundreds of mysterious pageviews from the Ukraine.  Due to Google's detailed tools, you can even see which blog post the spam bots are hitting.

Guess which post my new spam friends are reading?

Yup.  "Referrer Spam."  That single post has gotten over 100 hits in the last week.  I admit these guys have a sense of humor.  In fact, I hope that instead of using bots to visit my site, they'll come take a look themselves and actually read some of the posts.  They may enjoy them.

However, setting this hacker humor aside, why does spamming persist?

An article by Gene Marks in Forbes back in October 2011 is titled "How Spam Was Solved."  It points out that due to cooperation between companies, increased awareness among users, and better technology, email spam is much more likely to be blocked.  Marks made the interesting point that a lot of spam is now caught at the server level before it ever reaches individual users. 

Marks also wrote about the benefits of cloud-based, web browser email:  "Google and Microsoft alone are hosting email services for millions of companies. Cloud based computing has centralized e-mail data onto the servers of companies who are well positioned to deal with spam. They have their own security built into these servers in the cloud, deleting and quarantining risky messages before they’re even viewed by users."

Yet spam continues to evolve.  In an article about the top five malware threats he predicts for 2012, Andrew Brandt wrote, "If the spam we’ve seen is any indication, malicious spam we receive in 2012 will come in every available delivery method — email, social networks, IM — and continue to take every conceivable form: shipping confirmations, missed deliveries, reversed credit warnings, utility bills, credit card statements, complaints about you to the Better Business Bureau (whether or not you operate a business), online order confirmations from small boutique etailers, bank statements, electronic funds transfer rejection notices, poorly-spelled ‘friend notification’ emails from a wide variety of social networking sites."

This sounds more like a fresh barrage than the feeble struggles of a defeated enterprise.  Brandt also writes about the threat of zipped malware attached to messages, as well as links to hostile pages and drive-by downloads.

While I think Marks is right that we've gotten much better at dealing with email-centered spam, the spammers have figured out other ways to reach us.  Like referrer spam.  And I think the increased use of cellular telephones to access online banking and shopping makes them the current big target for hackers.

If spam didn't work, why would hackers keep using it? I think the answer is that it must work well enough to encourage them to keep trying.  Which means the constant struggle will continue.

In the meanwhile, my new Ukrainian guests can read this post and laugh.  I just wish they'd quit spamming me.

(The pic is of a coastal town in the Ukraine that looks very nice.  It's from, which is hopefully about studying abroad and not something else.)
