
Spam: the problem of the century

What is spam, or who configures the filters


Of course spam is bad, and therefore fighting spam is good. It would seem that everything is simple, but this fight has a downside too. You have probably run into a situation where your business letter was, for no clear reason, cut by a filter that decided it was spam. Worse still, your address has now landed on a blacklist. And the recipient, whom you call in bewilderment, says that you need to write to the system administrator, who will work out what happened. There is still no exact definition of what spam is. While lawyers discuss the wording, we will use the simplest definition: "Spam, in each concrete case, is whatever falls under the filtering policy configured by the administrator of the given mail server." It is then immediately clear who decides whether a letter is filtered out as spam. The ability to determine which mail to pass and which to cut gives additional levers of power, and there will always be those who want to give orders. In such a situation email ceases to be a means of free communication, let alone a reliable means of doing business.


The other extreme is a spam filter that does not reject letters but places them in a special folder. As soon as a letter suspected of being spam arrives, the program notifies the user, suggesting that they make sure the letter really contains spam! You will agree that such a security policy does not make life easier at all. I certainly do not stand up for spam, but the principle in fighting it should be one: "do no harm!"

Legislative measures against spam


In the USA a law came into force in December 2003 under which malicious senders of spam can be fined up to 6 million dollars and imprisoned for five years. However, according to research by the company CipherTrust, 86% of the spam received from May to July of this year came from the USA. To obtain these data the company examined about 5 million unwanted letters sent to one thousand CipherTrust clients. While American spammer IP addresses make up only 28% of the total, many times more spam is sent from them than from spammer addresses in other countries. It seems that the above-mentioned law does not greatly frighten spammers in the USA.


For comparison: South Korea's share of spammer addresses is 29%, but only 3% of all messages come from there; China and Hong Kong also account for 3%, Canada for 2%, and Ukrainian spammers contribute 1.5% of all unsolicited messages received.


Sophos, a company that develops anti-virus and anti-spam software, also considers legislative measures against spam ineffective. The company's published report on the worldwide distribution of spam says that 42% of spam correspondence is sent from the USA, which, in the opinion of the company's experts, shows that the ban on spam adopted in that country is useless.


The Australian experience, on the contrary, points to a positive effect of administrative and legislative measures against spam. The Ministry of Communications recently reported positive results in the fight against spam thanks to the introduction of large fines, up to 780 thousand dollars per day.


According to the head of this department, Bob Horton, the package of laws adopted in April 2004 was aimed at fighting large spammers.


The company Spamhaus, which tracks the flows of spam circulating on the network, confirmed the minister's words, noting that the amount of unauthorized advertising originating from Australian servers has recently decreased considerably. Since the new laws were introduced, large Australian spammers have been trying to move their operations to other countries.


Some anti-spam campaigners advocate laws under which companies would have the right to send advertising by email provided certain conditions are observed:

- The real electronic and physical addresses of the organizers of the mailing must be given;

- The subject line of the letter must correspond to its contents;

- Advertising of a sexual nature must be clearly marked;

- Every advertising letter must describe how to opt out of the advertising.


Violators of these rules face up to five years of imprisonment and large fines.


Some people, however, consider that such laws are ineffective and will lead to an increase in the volume of advertising mailings, which in effect become legalized.


The most varied organizations are taking on the spam problem. In particular, the United Nations intends to establish control over electronic mailings within the next two years by standardizing legislation all over the world, so that spammers are easier to prosecute in court.

New anti-spam technologies


Most spam letters use forged addresses. This is helped to a large degree by the openness of the mail protocol and the difficulty of determining the real sender of a letter. One can try to determine the source of a letter from the following three items:

- Envelope-from: the header added to the letter by mail programs on delivery to its final recipient;

- From: the value of the "From" field in the message;

- Other service headers that can be used as auxiliary information (Sender, Resent-To, Resent-From, etc.).


Spammers may try to forge these parameters: From, to mislead users, and Envelope-from, to deceive mail servers and anti-spam systems. To reduce the opportunity for such deception, a technology for identifying the sender of an electronic message has recently been proposed: SPF (Sender Policy Framework), developed by the company Meng Weng Wong. This technology allows the owner of a mail domain to describe how far he recommends trusting particular servers that send mail on behalf of addresses in this domain, and allows the recipient of a letter to check whether two parameters, the IP address of the sending server and the address given in the letter, conform to the policy of the domain to which that address belongs.


One more technology, Sender ID, was created at the junction of two technologies: Caller ID (an earlier Microsoft development) and SPF. The Caller ID standard (announced in March) requires the provider carrying the mail traffic to mark each letter with the real IP address from which it was sent. The recipient's side checks this mark against a database and filters the mail.


Universal adoption of Sender ID will make it possible to close a serious gap in email security: today's technologies do not prevent anyone from forging the sender's address, which spammers and virus writers actively exploit.


The check makes it possible to determine whether the address has been forged, which can then be taken into account in the anti-spam filter.


According to Craig Spiezle, Microsoft's director of security technologies and strategic development, Microsoft will introduce authentication of email senders using Sender ID technology in October of this year. All mail arriving at addresses supported by the company will be checked for sender authenticity: not only corporate addresses in the microsoft.com domain, but also the mailboxes of MSN users and of the free mail service MSN Hotmail.


Sender ID makes it possible to establish unambiguously from what source an electronic letter was received, and to determine the authenticity of the sender by comparing the IP address from which the letter was sent with the IP address corresponding to the domain of the declared sender address.


To guarantee unhindered delivery of mail to its addresses, Microsoft recommends that all email providers support Sender ID by the end of September.


According to the new rules that Microsoft is trying to introduce, providers of mail traffic must register special SPF records in DNS so that recipients can determine unambiguously whether the sender's address is forged. The recipient's server will then check the letter both at the "envelope" level and at the "message body" level.
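The check described above, at both the envelope level and the message level, can be sketched as follows. This is an added example, not code from the article or from any SPF or Sender ID implementation: the policy table, the sample message and all function names are constructed, only the ip4, ip6 and all mechanisms are evaluated, and the header selection order is a simplified form of the one Sender ID uses.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed policies standing in for DNS TXT lookups (documentation address ranges).
POLICIES = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "example.net": "v=spf1 ip4:198.51.100.7 ~all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed message: the From header claims example.com.
SAMPLE = (
    "From: Billing <billing@example.com>\n"
    "To: user@example.org\n"
    "Subject: Invoice\n"
    "\n"
    "Constructed message body.\n"
)


def check_policy(client_ip, domain, policies=POLICIES):
    """Evaluate the ip4, ip6 and all mechanisms of a domain's SPF record."""
    record = policies.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"  # the domain publishes no policy
    addr = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return RESULTS[qualifier]
        # Mechanisms that need DNS (a, mx, include, ...) are skipped here.
    return "neutral"  # no mechanism matched


def domain_of(address):
    """Return the lowercase domain of an address or header value ('' if none)."""
    return parseaddr(address or "")[1].rpartition("@")[2].lower()


def header_identity(msg):
    """Choose the header address to check: Resent-Sender, Resent-From,
    Sender, then From (a simplified form of Sender ID's selection)."""
    for name in ("Resent-Sender", "Resent-From", "Sender", "From"):
        if msg.get(name):
            return name, msg[name]
    return None, ""


def check_message(client_ip, envelope_from, raw_message):
    """Check the envelope sender and the header sender against their domains' policies."""
    header, value = header_identity(message_from_string(raw_message))
    return {
        "envelope": check_policy(client_ip, domain_of(envelope_from)),
        "header": header,
        "message": check_policy(client_ip, domain_of(value)),
    }


if __name__ == "__main__":
    # Envelope sender passes its own policy while the From domain rejects this IP.
    print(check_message("198.51.100.7", "bounce@example.net", SAMPLE))
```

The sample shows why the two levels are checked separately: the envelope sender passes the policy of its own domain, while the domain named in the From header does not authorize the sending IP.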


Letters from servers without Sender ID support will not be rejected; however, unlike letters with Sender ID, they will have to pass through spam filters based on statistical algorithms. Some mail services already support Sender ID. In particular, the company Yandex recently announced support for Sender ID.


Many providers, however, already have SPF records, while only a few have dared to switch on checking of incoming mail against this standard. Microsoft, as one of the largest email providers, hopes that its example will push other companies to use SPF.


It should be noted, however, that technologies for confirming the sender's address (SPF and Sender ID) are not in themselves effective methods of fighting spam. This is stated, in particular, by representatives of CipherTrust. According to the company, SPF and Sender ID have been actively adopted not only by providers and companies but also by spammers. In May to July of this year about 5% of the electronic letters checked by CipherTrust came from servers supporting SPF or Sender ID, and among these 5% there was even slightly more spam than ordinary letters.


Nothing prevents spammers who use their own mail servers from introducing SPF or Sender ID support. In that case it is impossible to forge the return address and harder to avoid ending up on blacklists, but nothing prevents the mailing itself from being carried out. According to the developers of SPF, its task is to prevent the forging of return addresses, and nothing more. And there is nothing bad in spammers using SPF and Sender ID. On the contrary, once these technologies are widespread enough, maintaining lists of spammer servers and blocking correspondence from them will become simpler.


Recently it was reported that IBM has developed one more anti-spam technology, SpamGuru, which combines a number of anti-spam technologies that analyze both the source and the contents of a letter.


To widely used anti-spam technologies, such as sender identification, DNS analysis, white and black lists and Bayesian filtering, SpamGuru adds the new technology Chung-Kwei, an algorithm that was previously used in biotechnology. The algorithm was created by experts in IBM's research division and is intended for finding repeating segments in chains of DNA and amino acids. In testing, Chung-Kwei detected 96.56% of spam at a false-positive rate of 0.066%. Besides combining various technologies, SpamGuru automatically maintains white and black lists, which users can easily configure depending on their needs and on spammer techniques, and it also lets users set the filtering level to control false positives.


IBM plans to make SpamGuru technology available in the Lotus Workplace Messaging 2.0 solution this autumn. No official decision on including SpamGuru in Lotus Domino has been made yet.

The Russian statistics are depressing


The Spamtest laboratory, which belongs to the company "Ashmanov and Partners", has summed up its research into spammer activity in the Runet in the first half of this year. The published report notes that by the end of the first half-year the level of spam had reached 70-80% of the total volume of Runet mail traffic. According to the Spamtest laboratory, at the end of 2003 the share of spam was 65-70% of the total volume of traffic.


As was found, spam is subject to seasonal fluctuations that correlate with the flow of mail and the activity of advertising campaigns.


The Spamtest laboratory recorded a minimum of spam on May 3. In the corporate mail of some small companies the share of spam that day fell to a minimum of 5%, and right after the May holidays spammers resumed their activity, and the volume of mailings is growing as actively as it did before the decline.


The Spamtest laboratory understands spam to mean unsolicited commercial advertising mailings that meet the criteria of mass distribution and anonymity. Ordinary users, however, tend to widen the boundaries of this concept, counting as spam all kinds of uninformative and unwanted messages, such as autoreplies from mail robots, letters with viruses and so on, since specialized spammer software is used more and more often to carry out some kinds of such mailings (for example, to send viruses).


The tendency for spammer and hacker technologies to merge emerged in 2003, when spammer software was used for the first time for a massive virus attack. The tendency is observed this year too: in the first half-year several virus attacks were recorded during which viruses were sent by email.


Virus epidemics lead to growth in spam traffic. They provoke large numbers not only of letters containing viruses but also of other kinds of unwanted mail, for example harmless letters from which the virus "has been cut off" by some anti-virus, or numerous automatic delivery refusals informing the user about the presence of a virus in correspondence from his machine.


The subject matter of commercial mailings varies with many factors, for example the season: in summer spammers offer air conditioners and holidays in Turkey.


The main subjects of spam are presented in the table.


According to the Spamtest laboratory, several new varieties of spam were noted in Runet spam flows in the first half of 2004. Many of them are at the same time outright fraud (in the English-speaking part of the Network such letters are called scam): new versions of "Nigerian" letters, attempts to steal logins and passwords for well-known banking systems or mailboxes, and so on.


"Nigerian" letters are messages written on behalf of citizens of countries with unstable economies. The author of such a letter usually claims that he has millions of dollars that are held outside the law, and for that reason he cannot put the money in a bank. He urgently needs an account to which the "dirty" money can be transferred. As a reward for the help he offers from 10 to 30% of the sum stated in the letter. After the trusting user gives the author of the letter access to the account, the money in it naturally disappears.


Until now such letters were written exclusively in English, but in the first half of this year similar letters in Russian appeared. The English-language ones now exploit the situation that has developed in the Russian economy, in particular the arrest of Mikhail Khodorkovsky and the unstable position of the company Yukos. For example, one of the letters says the following in broken English: «... In connection with arrest of. 10000000 dollars are necessary to translate me Khodorkovsky confidentially... ».


A relatively new variety of spam is investment offers and advice. In most cases the letter contains a description of "the stock market leader of the week", that is, information about a company whose shares are supposedly rising in value. In fact it is an attempt to influence investors' preferences and the share price (obviously commissioned by a player in the stock market).


In the international classification of spam such letters are classed as fraud (scam), although they are not legally prohibited. It can be assumed that most such mailings are paid for by holders of shares in small companies who want, for example, to push the share price up to a maximum and quickly sell the shares before they fall in price again.


In 2003 experts at the company "Ashmanov and Partners" predicted the development of political and other "propaganda" spam. In the first half of this year these forecasts were fully borne out. Spam was actively used in the election campaigns that fell at the beginning of 2004.


One more thematic novelty of this year is offers of anti-spam software.


Strictly speaking, the first such messages were recorded almost a year ago, but then they were isolated cases against the background of overall Runet mail traffic. Now their number has become noticeable, although it does not exceed 1% of the total volume of spam.


These offers are spam both in the way the mailing is organized (mass, anonymous, unsolicited) and in the substance of the offer: most links to sites where the user is supposed to find the anti-spam software are already unavailable by the time the letter is received or, much worse, contain viruses.


Greeting cards "with a secret" are one more example of the close consolidation of spammers and virus creators. In the first half of 2004 at least two mailings using spammer technologies and spammer software were recorded that masqueraded as messages about the delivery of a card. If the user followed the link given in the message, that is, wanted to receive the card, a virus was waiting on the page of the pseudo-card and tried to load itself onto the user's machine.


The basic technologies used by spammers for mailings remain the same:

- Use of Trojan software installed on the user's computer without his noticing;

- Use of client access devices left in their default configuration (that is, without a password or with a known password), such as ADSL modems, client routers and WiFi devices, which allow the user's capacity to be used for mailings at once (or after reconfiguration by the attacker);

- Use of good old means, such as open relays, CGI scripts on sites, etc., unchanged for the last six to eight years;

- NDR attack (Non Delivery Report): sending a letter with a forged sender to a nonexistent address. The non-delivery report, containing the spam message, will be sent to the forged sender.


It should be noted, however, that over this period the quantitative ratio of the described methods has changed greatly. Whereas last year and earlier file-sharing networks (Kazaa and similar) were used first of all for delivery, today distribution occurs en masse through mail viruses (Bagle, Lovgate) and through holes in Web browsers.


Most large virus and browser attacks of late are already plainly commercial in character: their purpose is to install Trojan components on the user's machine for subsequent use for dishonest purposes (spam mailings, carding, DoS attacks). These Trojan components, in turn, take measures to mask themselves and to mask their control centre. For control, IRC channels can be used, in particular, or simply scanning of all data arriving at the machine; in the latter case commands can be passed, for example, in a stream of spam.


As a result the capacity available to spammers has increased sharply. The most powerful spammers can now send several million letters within only two to three hours, so as to finish before the companies that update anti-spam filters react. The filter manufacturers, in turn, are increasing the frequency of database updates.


Among other features of spam-sending methods, one can note trial mailings to public mail addresses, during which delivery through filters is debugged in real time, and the organization of false, that is empty, mailings, which are used to clutter mail traffic and hamper the work of anti-spam software.


The case of the Darkmailer program is interesting. As it turned out, many spammers used a pirated version of this program for mailings. When this version stopped working at the beginning of March, it led to a sharp reduction in the quantity of spam for a fairly long period.

Techniques for bypassing filters


The use of graphics in spam is growing fastest, whereas the number of letters with text modifications, on the contrary, is falling.


Inserting "drawn" text into a message turned out to be a fairly effective technique, since far from all filters can work with graphics. At the beginning of the year "mutating" letters appeared, that is, picture letters with imperceptible modifications introduced during the mailing. As a result each picture differs by several bits from every other picture in the mailing, but the differences are not noticeable to the eye.


During the first half of 2004 the situation with modified texts in spam messages changed. At the end of last year a large number of letters appeared in which doubled letters were inserted into words at random (for example, the Russian word for "mailing", "rassylka", could look like "raassylka", "raasssylka" or even "raassyllkaa"). This was done to bypass content filters, which stopped recognizing the altered typical spam phrases and expressions. Very few such letters remain now: the technique proved less effective than expected, and the customers of spam began to object to their goods or firm being advertised in this way, since text that looks illiterate undermined the company's image.
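A content filter can undo the doubled-letter trick described above by comparing words after runs of a repeated letter are collapsed. The following is an added example, not code from the article or from any filter product; the keyword list, the sample line and the function names are constructed.

```python
import re

# Constructed keyword list; "rassylka" is the word behind the article's examples.
KEYWORDS = ("rassylka", "reklama")


def collapse(word):
    """Lowercase a word and reduce each run of a repeated letter to one letter."""
    return re.sub(r"(.)\1+", r"\1", word.lower())


def find_keywords(text, keywords=KEYWORDS):
    """Return (token, keyword, obfuscated) for every token that equals a
    keyword once doubled letters are collapsed on both sides."""
    canonical = {collapse(k): k for k in keywords}
    hits = []
    for token in re.findall(r"[^\W\d_]+", text):
        keyword = canonical.get(collapse(token))
        if keyword is not None:
            # An altered spelling is itself a signal worth scoring.
            hits.append((token, keyword, token.lower() != keyword))
    return hits


if __name__ == "__main__":
    # Constructed sample line using the spellings quoted in the article.
    print(find_keywords("Massovaya raasssylka, raassyllkaa i obychnaya rassylka"))
```

Collapsing is applied to the keywords as well as to the text, so legitimate double letters in a keyword still match; the cost is that two distinct words differing only in a doubled letter become indistinguishable.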


Other kinds of text modification, for example random quotations and so on, continue to be actively used in spam messages.


On the whole the list of basic techniques that spammers use to bypass filters has not changed substantially compared with last year. It is still:

- Rendering the text of the letter as an image (a graphic file);

- Modifying the text of the message by adding quotations and random sequences;

- HTML tricks (invisible text and so forth).