Spamhaus DDoS attack not to blame for rise in spam

Updated happygeek 4 Tallied Votes 576 Views Share

The media, online and off, has been full of scare stories about the 'biggest Internet attack ever' and how a distributed denial of service (DDoS) campaign aimed against anti-spam outfit Spamhaus peaked at an attack volume of 300 Gbps (the highest ever recorded by those who record such things) was 'slowing down the global Internet'. DaniWeb didn't join the rush to shout 'the sky is falling' as, frankly, we didn't believe it as there was precious little evidence to be found that the DDoS attack was impacting anyone other than Spamhaus along with it's anti-DDoS protection service CloudFlare and their upstream providers. Sure it was a serious attack, one that could well have implications on the direction such things are heading in, and potentially could be bad news for all of use. However, the Internet did not slow down and for the vast majority of global users there was no noticeable effect at all. The one area that you might think would be impacted is the amount of spam that reaches your mailbox. After all, if one of the main organisations responsible for keeping the lid on spam distribution channels is taken off air then surely we can expect to see spam levels peak. So when a press release arrived following these attacks which proclaimed that spam is twice as likely to be hitting mailboxes than previously, I was concerned. But only for a few moments, as a bit more reading reassured me that it had nothing to do with the Spamhaus attacks at all.

001215393dd751a8dc9da91d5dd0f203

Hear the name 'Virus Bulletin' and you immediately think of anti-virus and anti-malware certification and testing, but the same organization also carries out comprehensive spam filtering reviews. In the latest of these anti-spam comparative reviews, some 17 of the products and services put to the test passed with colours that flew enough to get the coveted 'VBSpam award' but there's a catch: the majority of them did so by catching less spam than they used to. In fact, a lot less spam. Of the 19 anti-spam solutions tested, only a rather worrying three of them managed to improve their spam catch rates with nine seeing the percentage of spam they missed at least double compared with recent test results. Indeed, as a result of the overall test figures, Virus Bulletin now reckons that a spam is almost twice as likely to make it into your inbox on average when compared to the previous batch of tests.

If that wasn't bad enough, it appears that the majority of the products tested also had quite a bit more difficulty in preventing false positives. Only four of them correctly identified all the legitimate email in the test runs. When it came to one of the biggest scourges in the average email inbox, phishing scams, more than half of the filters failed missed "at least 10%" of them in a dedicated feed of pure phishing mail messages.

This downward trend has been spotted before as a result of the VB testing, a very similar statistical drop popped up early in 2012 and continued throughout the first half of the year before the filters caught up with the con men and halted the decline. "Spam has been a relatively good news story in recent years, with spam levels declining while catch rates remained high," VB's Anti-Spam Test Director, Martijn Grooten insists though "in spam filtering, the devil is in the details, and when we look at these details, we see more emails slipping through the maze."

Considering that much of the spam that gets delivered will come complete with malware attachments or links to an exploited web site, the fact that spam catch rates are falling is of concern. Not least as it suggests that the bad guys are keeping ahead of the good guys in terms of tweaking the delivery process in order to avoid the filtering traps. While the anti-spam industry does appear to have a record of catching up with these tricks and tweaks, the fact that it takes them half a year to do so really isn't good enough.

Member Avatar for LastMitch
LastMitch

Considering that much of the spam that gets delivered will come complete with malware attachments or links to an exploited web site, the fact that spam catch rates are falling is of concern. Not least as it suggests that the bad guys are keeping ahead of the good guys in terms of tweaking the delivery process in order to avoid the filtering traps. While the anti-spam industry does appear to have a record of catching up with these tricks and tweaks, the fact that it takes them half a year to do so really isn't good enough.

Good Article. I like the chart.

Most of the emails that doesn't look right usually got straight to my SPAM box.

I think most email accounts have that filter setting.

I have to give credit to those bad guys.

The bad guys are trying very hard to make those email appear in the inbox.

Member Avatar for diafol
diafol

Looking at the graph, it seems as though the 4 with the 0% false negs are the best. With potentially 100s of spam messages arriving every day, can we afford false negs? If we assume that we can, does that mean we then have to manually trawl through our spam folders for the odd unlawfully imprisoned msg? Woudl we be betetr not to have a spam filter in that case?

0.03-0.25% False Negs seems trifling, but for every 1000 critical business emails, you could be losing up to 3 of them. Could be nasty. I check my works email spam folder daily as I only get about 20 emails in total.

What should company / institution policy be? Check your spam folder every 2-3 days - just in case?

rajutech 0 Newbie Poster

Although Hotmail prevents all Possible spam e-mail to come directly in Inbox, But we have to check spam folder as well to avoid deleting useful e-mails. There is sudden increase in spam e-mails coming to my Junk folder.
Nice post to describe the possible points of security concerns. Hoping it will recovered soon.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.