Video Screencast Help
Security Community Blog

SPAM - a history.

Created: 11 Sep 2011
mon_raralio's picture
0 0 Votes
Login to vote

Spam, as you've already known, is any form of unsolicited or undesired email messages. An electronic form of junk mail. Taken from the food of the same name due to the common knowledge that people does not want spam (food) on a daily basis.

==================
Origins:
==================
Back in 1973 (you read that right). There was only Arpanet. Someone was working for a company engaged in computer technolgoes. He's in charge of marketing and is looking for a means of informing the people of his company's products. And in 1978, he thought of sending emails to around 400 people to market the product. And as was expected, a lot of PCs slowed down or crashed that day when users tried opening the unknown email with a long To:/Cc: list.

At the time, there are only around 1,000 users and data transfer is measured in baud. Average data transfer is less than 0.2 kbps over analog lines. And someone is sending emails to almost 80% of the users. Long story short, the US defense department weren't pleased.

Spam email is an evolution of the junk mail you receive together with your bills and personal mail. It was a feasible form of marketing as it is cheaper compared to marketing by phone or mail - otherwise known as snail mail or paper mail. There was no overhead in paper and postage or labor in the form of telemarketers and door-to-door sales.

==================
Growth:
==================
For people in marketing or advertising, mass mailing at the time is one of the cheaper alternatives. They're using the mailing lists available to them, usually provided by the email service providers and then the users would be receiving them. It is possible back then that the email is being done by encoders manually including the individual email addresses. But back then, these are legitimate companies who offer legitimate products and services. And as with any advertisements, we know that not everyone needs what was sent. But the content is for the benefit of the few that needs it. The only problem then was the time it takes to check for email. And since the users were not yet sensitized between what was advertisements and what isn't, most read the contents. And companies get results.

==================
Boom in the spam economy:
==================
As Arpanet evolved to the World Wide Web and became available to more people. The Internet infrastructure expands and the costs drops. More companies and individuals are using the Internet to conduct their businesses. There's still no bullk or trash email folders. If you want to set up a cheaper or "free" email account, you are required to select one or a few of this advertisers and they would be sending you email. Or worse, you don't have an option and they'll just send you advertisments as long as you use their services. People started using mailing lists and newsletters. And these list is being sought after by companies looking into advertising. Companies investing in this method of advertisements is increasing and they're willing to pay service providers to get a hold of their list of subscribers. And so has spam evolved.

Email service providers are coaxed into giving out email addresses to advertisers who in turn get their revenue from businesses wishing to advertise with them.  And to date, spam composes roughly 90% of the emails travelling across the Internet. Just because you're not receiving them does not mean they are not being sent.

==================
Exploitation:
==================
Everyone with something to sell started going online, including those with questionable backgrounds. And since not everyone are willing to pay what the advertisers are pitching. They are forced to look elsewhere for a possible network. And some users and programmers decided to take the slack. They would be offering their services of advertising for these businesses at a cheaper rate. But then, they don't have the reach of the ISPs.
This is the point in time when malware is combined with spam to effectively reach more people. Programmers started creating softwares to send mass/bulk mails. They created malwares to get information from a users email client-specifically email addresses. And when their terminals and servers cannot deal with sending daily advertising emails or they'd rather use a different resource, create malwares to exploit the users PC to send the emails on their behalf.

And as their clientelle grew, so does their tools expand to encompass servers to collect information and send spams. Individuals form groups to increase their efficiency. Information and other resources are shared. Oftentimes for a price. And thus the underground malware and spam economy thrives.
Operating systems and softwares are searched for possible bugs that can be exploited. They hack into them to see if it can work differently than was intended. Code is inserted here and there. All of this was done to attract potential clients for legitimate busnesses or victims if the person is only concerned in getting something for nothing from the target.

==================
Security:
==================
As with the evolution of computers, softwares both useful and malware has evolved. So has spam. What was once a tool for advertisement has become a source of irritation and problems to end-users and most contain little to no useful information whatsoever. And so, security technologies also evolved to encompass spam, mass mailers and phishers to name a few. New definitions are added and new detection technologies are invented. And malware authors continue to develop and change its methods of attacks. Technologies used are similar to AV technologies, looking for malicious attachments and scripts embedded. Using a set dictionary of keywords often used by spammers. Checking the source sites for malicious activities - although this is not done on a company's antispam, but rather, collected by honeypot servers spread across the globe and new rules are sent to the subscribers to have them blocked. And the game of cat and mouse between malwares and security solution continues.

And as a gift to you for reading this far. A link to an interview of the person who was named as "The Father of Spam".
http://www.esecurityplanet.com/trends/article.php/...