Spam-Virus Marriage Seen As Leading Internet Threat Next Year

The use of viruses to commandeer PCs on the Internet for relaying spam is a trend that started this year and is expected to escalate in 2004, an E-mail security company said Friday.

In the last six months, MessageLabs Inc. has seen a steady rise in the use of spam and virus techniques in sending out junk E-mail.

MessageLabs, which filters corporate E-mail for spam and viruses, intercepts about 27 spam messages a second today, up from two per second at the same time last year. In all, 66% of those messages are generated from PCs that have been taken over by spammers without the knowledge of the computers' owners, said Mark Sunner, chief technology officer at MessageLabs.

The number of PCs commandeered by spammers is expected to increase next year. "Spammers are taking advantage of the flaw in traditional anti-virus software people are running on their desktops today," Sunner said. Traditional anti-virus software requires users to download code capable of detecting a virus after it's released on the Internet.

Until this year, people seeking a thrill from the chaos they could cause on the Internet accounted for most of the viruses. The malevolent code is hidden in an E-mail attachment that the sender tries to trick a person into opening by pretending the message is from a legitimate vendor or someone who can be trusted, like a friend.

Spammers now are using the same techniques to get PC users to unknowingly install applications that allow the machines to be used later to relay spam. The pre-eminent example of this kind of malevolent code was the SoBig.F virus, which had such an effective mass-mailing engine that it managed to shut down some company and government networks.

"The authors behind SoBig were definitely spammers using the virus to harvest lots of machines to blast spam," Sunner said.

Relaying spam through other computers enables spammers to remain anonymous and avoid law-enforcement agencies. By hiding the original source of the mass mailings, spammers also can avoid blacklists used by filtering software to separate spam from legitimate messages.

MessageLabs predicts that by next April, 70% of the E-mail traffic on the Internet will be spam, up from 50% today. "To be honest, I think that figure is really quite conservative," Sunner said.

Other trends started this year and expected to increase in 2004 include the use of E-mail to trick people into going to what they think is a legitimate vendor's Web site and provide confidential information, such as Social Security or credit-card numbers, MessageLabs said. The latest incident this year involved an E-mail that tried to dupe PayPal customers.