McAfee has a lot of initiatives in the works to continue to refine its capabilities to detect and stop spam as well as infiltrate botnets and cooperate with the authorities, he said.
“Tool and protocol integration through our GTI (Global Threat Intelligence) initiative is significant and ongoing,” he explained. “Better data mining, data traps and finding the key individuals who have the artistic talent to craft effective rules and hunt spammers are also very important.”
There’s no doubt that takedowns have an impact, even if historically it has been relatively short-lived. Before Operation b107, Rustock was sending billions of spam emails daily, accounting for an average of 28.5 percent of global spam from all botnets in March. That percentage was actually down from the end of 2010, when Rustock was responsible for as much as 47.5 percent of spam.
That being said, spammers will always adapt, Wosotowsky said.
“They have been constantly improving their distributed command and control capabilities over the past few years, moving into instant messaging, comments in blogs, or wiki updates to hold encoded messages to lost bots in order to lead them back to a new home,” he said. “I would also predict that we’ll see more definitive splits of the botnet (Rustock) into functional units. This will ensure when someone blocks the Rustock botnet they will only be tracking down the portion of it that was used for spam or some other obvious purpose, while the more subtle corporate espionage related infections will be safely tucked away.”
While it may seem like innovation is in a holding pattern, there is progress being made in the backend, said Symantec Abuse Desk Analyst Eric Park. “The reality is that a top-tier anti-spam product probably catches 99-plus percent of spam,” he said. “So it’s about the push to get that last fractional percentage point gain, which becomes more difficult as we get closer to 100 percent.
“Also, the typical end-user’s perception is based on the number of spam messages received, not the percentage filtering rate,” Park added. “For example, if one user received one spam message daily last year and one spam message daily this year, the perception would be that there has been no progress made. However, if spam output increased over that time period, the anti-spam effectiveness percentage would’ve actually increased. So the product may be doing better, but would make no difference to the end-user.”