Image Spam Tops 2006 Charts, Causing Junk Email Rates to Soar; CAN-SPAM Compliance Consistently Falls Below 1 Percent During Law's Third Year
ENGLEWOOD, Colo.-Jan. 8, 2007-MX Logic Inc., a leading managed services provider of easy-to-use email and Web defense solutions for small and medium-sized businesses (SMBs), today issued its 2006 year-end threat summary, reporting that spam rates reached a historic high in December, averaging 88.1 percent of total spam volume.
On seven days in December, spam levels climbed above 90 percent, peaking Dec. 2 at 92.4 percent. The month's lowest rate of 83.2 percent occurred on Dec. 30. December's high spam levels culminated a surge in spam that began in July 2006, when the MX Logic Threat Center reported a daily average spam volume of 77.4 percent - an all-time high up to that point.
In addition, the MX Logic Threat Center, which monitors threat activity for the MX Logic Email Defense Service and MX Logic(SM) Web Defense Service, also reported that rates of compliance with the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, which slumped to 0.25 percent in December, averaged 0.45 percent in 2006. This compares with average compliance rates of 4 percent in 2005 and 3 percent in 2004. The law went into effect on Jan. 1, 2004.
"CAN-SPAM remains a big disappointment, proving to be of little deterrence during the three years of its existence," said Sam Masiello, director of threat management, MX Logic. "While the act provides some enforcement value, CAN-SPAM is powerless against the increased sophistication of botnets."
The continued evolution of botnets, which are groups of virus-infected PCs that spammers control remotely to send billions of unwanted email messages a month, includes the 2006 adoption of image spam. Beginning primarily as ads for Rolex watches and cheap Viagra, early image spam incorporated simple images that contained little variance and failed to fool optical character recognition (OCR) software. As 2006 progressed, image spam grew in sophistication to make OCR more difficult. Now featuring mostly stock pump-and-dump scams, image spam includes more complex images, random lines and polygons, as well images divided into randomly sized parts.
In addition to intensifying the flood of spam during 2006, image spam increased the size of email messages - from an average of 16KB in the first quarter of 2006 to 23KB in the fourth quarter.
"We have started to see the next phase of image spam, which works to defeat OCR software even further by including flash movies instead of images," Masiello said. "Whether via the use of Flash movies or other technologies embedded into email, we can be sure that spammers will continue to look for ways to evolve their current methodologies to outsmart current anti-spam methods. It's a constant cat-and-mouse game."
Scott Chasin, MX Logic chief technology officer, added that Internet service providers (ISPs) in 2007 will have to focus more on containment issues, such as walled-garden approaches that quarantine computers sending mass amounts of email. In addition, ISPs will need to continue building ways to counteract spam, which will soon move beyond email.
"Spam will increase by continuing to morph into other mediums, infiltrating the Web 2.0 infrastructure, invading social networks like MySpace and comment blogs, as well as VoIP systems," Chasin said. "The mainstreaming of VoIP will bring attacks around call hijacking, voice spam insertion and redirection to spam voicemail systems. Thanks to VoIP's ability to spoof caller ID, we will most likely see 'tele-spam' campaigns calling you directly to 'spam-vertise.' The bottom line is that, when it comes to Web and email-based threats, 2007 promises to be everything 2006 was - and then some."
For more information go to: http://www.fishers-boise.com/Products+%26+Solutions/Email+%26+Web+Defense/