IT TRENDS
Toxic junkyards of cyberia
A tsunami of spam strains scarce Internet bandwidth and transforms half of all email into hazardous waste; but some help is on the way
Outcry: An anti-spam poster posted by the University of Iowa (U.S.), overlaid with recent examples of pump-and-dump spam.
The alphabet soup of Internet-related buzzwords has seen its latest addition in recent weeks. A new strain of unsolicited junk e-mail has been added to the long list of ‘spam’ variants: ‘pump and dump’. It works like this: millions of spam mails promote shares of an unknown company, of which the spammer has previously acquired stock.
When a significant number of mail recipients fall for the scam and start placing buy orders, the market value of the stock rises or is ‘pumped’ up. That is when the spammer sells at a profit and ‘dumps’ the shares… the price plummets and investors lose their money.
Sadly, many email users do not stop to think why a stranger is giving away ‘hot’ tips; they invest their money in such fraudulent schemes.
On one day — August 8 — last week, scamsters launched the biggest stock manipulation scheme ever unleashed on the Internet, a tsunami of spam that saw over 500 million mails with attached PDF files all urging recipients to invest in an obscure US-listed outfit called Prime Time Stores Inc. In one 24-hour period, the global spam traffic went up by 30 per cent.
The cost
The stock in question did rise by 60 per cent before settling to 20 per cent above its pre-scam price. By then the anonymous scamsters must have spooned off a few million dollars. And what did it cost them to organise the scam?
You can buy 1 million addresses for around $100 (Rs 4,100), a ‘Trojan Horse’ type virus to ‘deliver’ the spam for $500 (Rs 20,500) and hire a server to send it out for another $500.
The total upfront cost, estimates Panda Labs, is about $10,100 which is less than half a lakh of rupees… a superb return on investment for the cyber criminals.
Professed ignorance
Interestingly, the target company Prime Time, which is a franchisee of the ‘Seven-Eleven’ chain of convenience stores in some geographies, professed complete ignorance of the attempts to boost its stock price.
Sonic Wall, a security solutions company, had warned in April this year that the new vehicles used by cyber baddies to get past the spam filters of leading Net security and anti-virus providers were document formats like Acrobat PDF, as well as Excel spreadsheets and files compressed using a Zip utility.
PDF, they suggested, was going to be the most persistent threat. (The Prime Time scam came as a 10-page PDF file). These formats fool the recipients because of their look of ‘legitimacy.’
Spam as an image has been another favourite vehicle because so many recipients cannot resist opening files promising a candid picture of Paris Hilton or Aishwarya Rai. But Symantec, makers of Norton AntiVirus and other security products, say image spam is on the wane.
F-Secure, another net security player, however, finds a new vehicle — the Forms Data Format or FDF — that is readable by any PDF package, on the rise, often looking like a company balance sheet.
When the numbers are added up, more than 40 billion of 97 billion mails exchanged in a day are spam, according to an April 2007 estimate by IDC.
Last week also saw the world’s computer security professionals gather at the annual Defcon hacker conference in Las Vegas to assess the ‘state-of-the-art’ of hacking — ethical as well as the other kind.
Ganesh Devarajan, a security expert with the Austin, Texas-based intrusion prevention specialist Tipping Point, gave a scary demonstration of how easily Supervisory Control and Data Acquisition (SCADA) systems used to control critical public utilities could be hacked. Another U.K.-based technologist showed how the systems that control entry into offices through the use of smart security badges could be compromised by inserting a microcontroller into the wiring.
The entry control then becomes nothing more than “two screws and a plastic cover,” he said.
Another hacker conference — Black Hat — was held last week in San Francisco, back-to-back with Defcon. Here, experts warned that many makes of the ubiquitous portable media player or MP3 player had serious vulnerabilities which enabled cyber criminals to attach malicious code to music and video files that are exchanged at popular sites like YouTube.
If all this seems to suggest that the bad guys are winning, that may sadly be true.
Most of us have installed some form of virus and spam protection in our PCs and laptops. Most email applications claim to do their own pre-filtering.
Solutions ineffective
Yet all of us continue to see our mail inboxes fill daily with unsolicited junk, offering stock buys, soliciting donations or selling Viagra. Clearly none of the commercially available solutions is 100 per cent effective.
They might stem the flow of spam and other malicious mail (sometimes they strip genuine mails in the process!) but they are clearly not stopping it completely.
Meanwhile, over half of all pricey Internet bandwidth is wasted, slowing the whole world as it communicates across Cyberia.
There is a small glimmer of hope: Researchers at the University of California, San Diego, said recently that most email scams originated from a limited number of spam servers, and if the trail leading back to the source of a spam is diligently traced, they can be ‘taken down.’
Following links
They have developed a ‘Spamscatter’ technique to analyse emails and follow their links through ‘camouflage’ re-directions to the original source.
They have studied 150,000 spam mails a day, and traced them to some 7,000 distinct servers, the majority of them in the U.S. To kill spam, hit these source servers; that will turn off their economic lifeblood, say the San Diego geeks.
Thanks guys — at least we are not giving up without a fight.
It is clearly not the end of the battle against cyber crime; not even the beginning of the end. But Spamscatter might just signal the end of the beginning.
ANAND PARTHASARATHY