Spammers Fight Back with Denial-of-Service Attacks

In the face of increasingly tougher state and federal law that includes fines as heavy as US$1 million and potential jail time, spammers are hitting back by attacking antispam Web sites known for assisting administrators in the fight against unwanted commercial e-mail.

The latest activity -- both from lawmakers anxious to crack down on the mass-mailing tactic and from spammers who are employing more aggressive tactics like viruses and denial-of-service (DoS) attacks -- marks a distinct escalation in the war over spam.

Coinciding with a California law that would fine spammers as much as $1,000 per unsolicited e-mail and $1 million per incident -- coupled with the Senate committee approval of a bill that would punish deceptive spammers with as much as five years in jail -- several antispam sites have been disabled in DoS onslaughts.

"We're going to see a rapid escalation in activity in the battles of this space because it's far reaching on both sides," Yankee Group analyst Paul Ritter told TechNewsWorld. "It has been rising from a level of pesky annoyance to the point that it is a very real security concern, particularly with consumers who are less likely to have up-to-date antivirus software. Marketers need it desperately for survival, and they won't go down without a fight."

Spam Gets Serious

Forrester analyst Jan Sundgren told TechNewsWorld that the legislative efforts to fight spam, which include increasingly harsher penalties for spammers and advertisers that employ unsolicited e-mail, are leading to what likely will be a protracted debate on the practice.

"I think it's coming to a head because you've got people so fed up with it [that]lawmakers are finally trying to do something about it," he said.

This week, a new California law expanded penalties on spammers -- including fines as high as $1 million for spam campaigns -- and the U.S. Senate Judiciary Committee approved a measure that would imprison deceptive spammers for as long as five years.

Striking Back

At the same time, Web sites known as "blacklists," which are used to identify and help block mail servers used by spammers, have come under attack and have even been knocked offline by DoS assaults. One such site, Monkeys.com, has advised Internet users that it was the victim of a "frame-up job" whereby spam was sent purporting to be from the antispam site.

"These messages are being sent out by parties unknown as part of a large-scale hostile prank in an obvious attempt to damage our public reputation on the Internet," said a statement on the site.

"Please be aware that we here at Monkeys.com are very active players in the global fight against bulk unsolicited e-mail on the Internet and the criminals who are perpetrating this frame-up job against us are almost certainly spammers whose prior Internet accounts we succeeded in having canceled by their prior Internet service providers," the statement said.

In addition, viruses such as last month's troublesome SoBig.F worm increasingly are using spamming components -- such as e-mail engines -- and security experts have said the escalating spam war adds another motivation to releasing the malicious code.

Antispam Advances

Ritter said the DoS and forgery efforts are among several activities spammers have undertaken to prevent action that impacts their business. The analyst also referred to legitimate lobbying efforts by industry trade groups as another tactic being employed to help protect spam.

Sundgren, who said "there's too much money involved" for spammers to stop, called the blacklist antispam method somewhat crude, referring to more advanced spam-stopping efforts that include fingerprinting -- similar to how viruses are fought -- as well as statistical techniques and heuristics, which uses behavior and probability to block unwanted e-mail.

Sundgren said antispam tools have improved tremendously and are becoming standard features of broader, common security tools. Ritter said spammers could have a leg up because they do not have to be as concerned about software quality as the spam fighters.