Peter Cochrane's Blog: Report from spam hell

Written on AA173 whilst flying London to Raleigh-Durham, North Carolina, and dispatched from an open LAN at a friend's home.

From the first time I used email up to the present it has been one of my primary business tools. Not only does it afford me access to vast numbers of colleagues, it streamlines everything and puts time back into my life.

Well I guess it couldn't last forever! Perhaps it was all too good to be true? Sure enough, bit-by-bit, my email efficiency has been eroded year-on-year by the growing spam menace. It all started with an occasional spurious email but then the spammers got organised, automated and aggressive.

So my reaction was like everyone else - I got a spam filter. I nurtured and trained it until it became nearly 100 per cent effective. But then, after a few years, the spammers gained ground. The dark side of the force became more cunning. They innovated and got around my filter.

My solution? Concatenated filters - one with my ISP and one on my laptop! That worked a treat for about another two years but then in 2006 spam activity suddenly doubled. And in 2007 the growth has continued to the point where this week I find myself back to square one.

Spam is overwhelming me again. What is happening? Botnets, that's what. Millions of unprotected machines across the planet that are wide open to viral attack have been hijacked to create a distributed spam engine that is now estimated to be generating more than 70 per cent of all traffic on the net. And if the current rate of growth continues there is a distinct possibility that spam might bring the whole revolution to a grinding halt.

There are even wholesalers of botnets. Yes you can actually buy the capability to become more than an annoyance - you can become a part of the threat. Lately spammers have realised they can get around filters, and even multiple filters through sheer volume. If your filter is 97 per cent efficient, then the three per cent that gets through only has to be big enough, in volume terms, to be a real problem. And it is that volume that is the problem - it is slowing down the net and as a result we are all losing efficiency.

So what can be done? I favour the following:

1. Shipping all new machines with firewalls and virus protection built in to reduce the number of systems which get turned into 'bots'.

2. Network providers and ISPs can do a lot to isolate and render useless the bot generators - in short they can block their traffic at source or mid-stream.

3. PC owners unknowingly supporting bot applications need to be identified, educated and protected.

4. Governments may have to act, especially when their countries turn out to be a primary nest of bot trading.

5. We have the ability to be able to track down and destroy individual viruses and other forms of malware enlisted by the dark side. We need the same for botnets and spam. In effect, the net needs an auto-immune system.

6. We may have to take a look at our older applications and protocols and make some hard decisions regarding their continued existence and use.

7. Finally, the base component and device industries producing the network hardware and software have a primary responsibility to take action. They have the keys to the kingdom, and whilst the growing inefficiency of the net generates inflated sales in the short term, the exponential rise of bot networks will ultimately overwhelm them too. And there is money to be made in solving the problem!

I don't think we have long to go before the situation becomes really critical. At the present rate of growth we may only have one or two years before it all goes badly wrong. In the mean time I have to dash, must comb through my spam filter to see if there are any false rejections...