Spam-Virus Marriage Seen As Major 2004 Internet Threat

The use of viruses to commandeer personal computers on the Internet for relaying spam is a trend that started this year and is expected to escalate in 2004, an e-mail security company said Friday.

In the last six months, MessageLabs Inc. has seen a steady rise in the use of spam and virus techniques in sending out junk e-mail hawking drugs, pornography and sexual enhancements.

The Minneapolis-based company, which filters corporate e-mail for spam and viruses, intercepts about 27 spam messages a second today, up from two per second at the same time last year. Sixty-six percent of those messages are generated from PCs that have been taken over by spammers without the knowledge of the computers' owners, Mark Sunner, chief technology officer for MessageLabs, said.

The number of PCs commandeered by spammers is expected to increase next year. "Spammers are taking advantage of the flaw in traditional anti-virus software people are running on their desktops today," Sunner said.

Traditional anti-virus software requires users to download code capable of detecting a virus after it's released on the Internet.Until this year, people seeking a thrill from the chaos they could cause on the Internet accounted for most of the viruses. The malevolent code is hidden in an e-mail attachment that the sender tries to trick a person into opening by pretending the message is from a legitimate vendor or someone who can be trusted, like a friend.

Spammers are now using the same techniques to get PC users to unknowingly install applications that allow the machines to be used later to relay spam. The pre-eminent example of this kind of malevolent code was the Sobig.F virus, which had such an effective mass-mailing engine that it managed to shut down some corporate and government networks.

"The authors behind Sobig were definitely spammers using the virus to harvest lots of machines to blast spam," Sunner said.

Relaying spam through other computers enable spammers to remain anonymous and avoid law enforcement agencies. In addition, by hiding the original source of the mass-mailings, spammers can avoid black lists used by filtering software to separate spam from legitimate messages.

MessageLabs predicts that by April of next year, 70 percent of the e-mail traffic on the Internet will be spam, up from 50 percent today. "To be honest, I think that figure is really quite conservative," Sunner said.Other trends started this year and expected to increase in 2004 include the use of e-mail to trick people into going to what they think is a legitimate vendor's web site and provide confidential information, such as social security or credit card numbers, MessageLabs said. The latest incident this year involved an e-mail that tried to dupe PayPal customers.